To run a webserver securely using a properly signed certificate (not self signed) you need to buy a proper certificate through one of the companies listed with a root certificate (meaning your browser recognises them as a legitimate certificate authority)
If you don’t plan to sell anything, or your customers don’t mind installing the root certificate, CAcert will issue free certificates. They’re quite useful on things like mail servers, VPNs and Intranets.
For a wide range of SSL certificates from as little as £8 per year (RapidSSL, SBS and GeoTrust) visit http://www.servwise.com.
Cheap as chips certificates can also be bought through http://www.instantssl.com.
For a potentially more trustworthy cert Thawte or Verisign also sell certificates.
Certificate Signing Request
To actually make the purchase you’ll need to generate a CSR (Certificate Signing Request) on the webserver which will host the SSL site.
Each webserver handles this differently but on Apache with mod_ssl/openssl you can do a:
openssl req -new -nodes -keyout secure.mydomain.com.key -out secure.mydomain.com.csr
On IIS there is a wizard to generate the CSR.
Now enter all of your details in, be careful with the Company Name field as this should match exactly the name the domain (e.g. mydomain.com) is registered to. Otherwise you’ll have to send in some docs to the Cert Authority to prove who you are…
Also note that the Common Name is the actual name of the secure host you are buying (e.g. secure.mydomain.com)
Once you have created the CSR and Key, keep the Key safe somewhere and submit the CSR during the purchase of your cert.
On IIS this is not automatic. See http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/2cfeeba2-511f-47e8-913c-f196b74e6a44.mspx?mfr=true
If you ever need to re-install or move the certificate the Key is essential – without it you may have to buy a new certificate.
Also for a good list of intructions for many different OS/Control Panel systems visit http://www.securebusinessservices.com/help/generate-certificate-signing-request-csr.asp
Features of SSL
HOWTO: Set Up SSL Using IIS 5.0 and Certificate See