automatically saves the self-signed certificatewhere Apache expects to (Web hosting provider)
automatically saves the self-signed certificatewhere Apache expects to find it. To see your certifi- cate in action, restart your Apache server: # /sbin/service httpd restartStopping httpd: [OK] Starting httpd: Apache/2.0.47 mod_ssl/2.0.47 (Pass Phrase Dialog) Some of your private key files areencrypted for security reasons. In order to read them you have to provideus with the pass phrases. Server localhost.localdomain:443 (RSA) Enter pass phrase: Ok: Pass Phrase Dialog successful. Notice that Apache now asks for the passphrase thatprotects your server s private key. Now, open a Web browser and connect tohttps://127.0.0.1Notice the preceding URL starts with httpsrather than http. That means it s connectingto a secure server. You ve just created a self-signed certificate andinstalled it on your own Apache server. Because your users may receive a warning whenthey encounter this certificate, it s a good idea togive them a little forewarning about what s going on. See the sidebar, When Mozilla encounters a self- signed certificate, for details on how this works. When Mozilla encounters a self-signed certificateSelf-signed certificates are not very trustworthy. When youvisit a site with a self-signed certificate, you should receive awarning screen from Mozilla asking if you know this jokerand if his certificate is good enough for you (see the follow- ing figure). From here, follow these steps to examine thecertificate: When you receive the final certificate, simply copy itto /etc/httpd/conf/ssl.crt/server.crtand restartyour Apache server. Creating a Self-SignedCertificateCreating a self-signed certificate with Fedora is justas easy as creating a CSR, but you end up with a testcertificate rather than a request that you send to aCA. Again, if you re not using Fedora, we recommendthat you generate SSL certificates with the help ofWebmin s Certificate and Key Management module(see Technique 17 for more details). Here are the steps you need to follow to create a self- signed certificate with Fedora: 1.Open a terminal window and give yourselfsuperuser privileges with the sucommand. 2.Move to the directory /etc/httpd/conf: # cd /etc/httpd/conf3.Type make testcertand press Enter. 4.You re prompted for the password that protectsyour private server key. Type in the passwordand press Enter. 5.OpenSSL prompts you for the same informationthat you provide when creating a CSR (loca- tion, organization, e-mail address, and so on). Answer each question in turn. After you ve answered the last question (youre-mail address), OpenSSL creates a self-signedcertificate and saves it in /etc/httpd/conf/ssl. crt/server.crt. To view the certificate at the command line, use thefollowing command: # openssl x509 -in ssl.crt/server.crt -textYou ll see that the issuer and subject are identical that s a self-signed certificate.
You want to have a cheap webhost for your apache application, then check apache web hosting services.