Set Up Your Certificates

There are two ways to set up your site’s certificates: create your own and sign them yourself; or create your own and have a commercial site sign them. Commercial signatures generally require payment of an annual fee.

Table 5-5 shows a few of the commercial sites that sign certificates. There are many more than we show here. Use your favorite search engine to find more.

Table 5-5. Digital-certificate-issuing sites

Site                       Description
http://www.verisign.com    The original certificate authority
http://www.thawte.com      Claims to be the largest
http://www.valicert.com    A business-oriented site
http://www.cacert.org/     Is free but rarely recognized

Before you can have your certificate signed, you need to create one. You must create it yourself for security reasons: you should never (and we mean never) send, or in any manner expose, your private key over the Internet. Remember, your private key is private and must remain so in order to be safe and effective.

This means that you cannot buy a certificate over the Internet and have it delivered via email or downloaded to your machine. Instead, you must create your own certificate, and then send the public key to the certificate authority to be signed. Doing so is OK because the public key is world-visible and because the signature needs to be attached to the public part that is sent to others.
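The rule above, shown as an added example that is not taken from the book: the key pair is generated locally with the openssl command-line tool, and the file that goes to the certificate authority (a certificate signing request, which carries the public key) is checked before it leaves the machine. The function names, file names and host name are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; the directory, file names and host name are constructed.

# Create a private key and a certificate signing request (CSR) in $1.
# key.pem never leaves that directory; req.pem is what goes to the CA.
make_key_and_csr() {
    dir=$1 cn=$2
    (
        umask 077    # key file is created readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$dir/key.pem" -out "$dir/req.pem" \
            -subj "/CN=$cn" 2>/dev/null
    )
}

# Succeed only if file $1 is safe to hand to a CA: it holds no private
# key block and it parses as a certificate request.
safe_to_send() {
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "refusing: $1 contains private key material" >&2
        return 1
    fi
    openssl req -in "$1" -noout 2>/dev/null || {
        echo "refusing: $1 is not a certificate request" >&2
        return 1
    }
}

# Succeed only if the public key inside CSR $2 belongs to private key $1,
# so the signed certificate that comes back will work with the key you kept.
csr_matches_key() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_csr=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$from_key" = "$from_csr" ]
}

# Demo in a scratch directory (constructed host name).
demo_dir=$(mktemp -d)
make_key_and_csr "$demo_dir" mail.example.com &&
    safe_to_send "$demo_dir/req.pem" &&
    csr_matches_key "$demo_dir/key.pem" "$demo_dir/req.pem" &&
    echo "send $demo_dir/req.pem to the CA; keep key.pem where it is"
```

Running safe_to_send on key.pem by mistake fails, which is the point of checking the outgoing file rather than trusting its name.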

Create a certificate

The first step to create your own certificates is to decide where on the filesystem they may safely be stored. For ...
