Wednesday, May 26, 2004

Here is what I have learned about SSL certificates for a web server. You generate a private key and a CSR (certificate signing request) on your box. You send the CSR to the CA (certificate authority) and they send you a certificate. You are supposed to be careful to guard your private key: it is the key to validating your identity.

When generating the key you have to choose the key length. Generally your choices are 512, 1024, and 2048 bits. 1024-bit keys are the most popular ones in use for commercial transactions. Most respectable sites use 128-bit encryption (that figure is the strength of the session cipher negotiated with the browser, which is separate from the certificate's key length).

Certificates are only good for a certain amount of time, usually a year. CAs usually charge between $50 and $800. Verisign and Thawte are the two most respected CAs.

You can view a site's certificate details in IE by double-clicking the lock icon in the lower right corner of the status bar. In IE, you can view the CAs that your browser trusts by going to Tools -> Internet Options -> Content (tab) -> Certificates -> Trusted Root Certification Authorities.

Consider buying the certificate from the ISP you use. I bought mine from another source and when I had problems the CA didn't support installation, and my ISP blamed the CA's certificate. In the end I used my ISP and the Plesk interface made it relatively simple.
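The key/CSR/certificate process described above, plus the check I would run before blaming anyone for an installation problem, as an added example that is not part of the original post. It assumes the openssl command-line tool is installed; the subject fields, "www.example.com" and the file names are placeholders, and the certificate is self-signed only so the script runs offline (a real CA signs your CSR and returns the certificate).

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI is available.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"   # placeholder working directory

# Step 1: 2048-bit RSA private key and CSR. The key stays on this box; only the
# CSR, which carries the public half, goes to the CA. Subject fields are placeholders.
gen_key_and_csr() {
    openssl genrsa -out "$WORKDIR/server.key" 2048 2>/dev/null
    chmod 600 "$WORKDIR/server.key"      # guard the private key: owner-only access
    openssl req -new -key "$WORKDIR/server.key" -out "$WORKDIR/server.csr" \
        -subj "/C=US/ST=State/L=City/O=Example Org/CN=www.example.com"
}

# Step 2: stand-in for the CA. Self-signing here only keeps the example offline;
# in practice the CA signs the CSR with its own key and you install what it returns.
self_sign_for_demo() {
    openssl x509 -req -in "$WORKDIR/server.csr" -signkey "$WORKDIR/server.key" \
        -days 365 -out "$WORKDIR/server.crt" 2>/dev/null
}

# Step 3: before installing, confirm the certificate belongs to YOUR private key.
# The RSA modulus is part of both, so it must be identical. A mismatch (regenerated
# key, wrong file copied to the server) is a common cause of "it won't install".
cert_matches_key() {
    key_mod=$(openssl rsa -in "$1" -noout -modulus)
    crt_mod=$(openssl x509 -in "$2" -noout -modulus)
    [ "$key_mod" = "$crt_mod" ]
}

# Step 4: the details a browser shows behind the lock icon: subject, issuer, validity.
show_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates
}

main() {
    gen_key_and_csr
    self_sign_for_demo
    if cert_matches_key "$WORKDIR/server.key" "$WORKDIR/server.crt"; then
        echo "certificate matches private key"
    else
        echo "MISMATCH: do not install this certificate" >&2
        exit 1
    fi
    show_cert "$WORKDIR/server.crt"
}

main
```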