HTTPS

Create SSL Certificate

Secure Socket Layer (SSL) is a cryptographic protocol that provides security and data integrity for data communications over the network.

To create SSL certificate:

Step 1: Install 'Microsoft Visual C++ 2008 Redistributable Package' if it is not already installed (can be dowloaded here).

Step 2: Install the 'OpenSSL' tool (can be downloaded here).

Step 3: Add the 'Environment variables' (variable 'Path') path to the installed OpenSSL tool (for example C:\OpenSSL\bin):

• Open the 'My Computer' properties, then open the 'Advanced' tab and click on 'Environment variables'.
• Select in the 'System variables' variable 'Path' and add the value ';C:\OpenSSL\bin' at the end of the string:
  
  
  Adding the Path to the OpenSSL Tool

Step 4: Run the following command from the Windows command prompt:

openssl req -new -newkey rsa:2048 -keyout <keyFileName>.key -nodes -out <CSRFileName>.csr

OpenSSL creates both your private key and your certificate signing request and saves them to two files: '*.key' and '*.csr'.

Step 5: Request a certificate to use the created CSR from the SSL certificate providers (http://www.instantssl.com/, http://www.thawte.com/, ...).

Step 6: Create a PFX certificate file. Run the following command from the command prompt:

openssl pkcs12 -export -out <certFileName>.pfx -inkey <privateKeyFileName>.key -in <certificateFileName>.crt -certfile <CACertificateFileName>.crt

The PFX extension is used on Windows servers for files containing both the public key files (your SSL certificate files) and the associated private key (generated by your server at the time the CSR was generated).

Since both the public and private keys are needed for the SSL certificate to function, a PFX backup is needed to transfer an SSL server security certificate from one server to another.