Pug’s Place

I did some work on our apartment’s server today (whose address is not for public knowledge), among other things I added SSL support to its web server. But to add SSL support I needed a key. Most people just generate their own key and sign it themselves, which works fine (but makes web browsers pop up a “hey, we don’t trust this key signer…” message). I, however, am too clever. So, without paying anything I have a key signed by a central key authority. How, you ask? I pulled out my quantum computer prototype and recreated their private key.

No, just kidding. I actually signed up with CAcert.org, a free certificate authority. All you have to do is authenticate your domain (by responding to an email sent to admin@yourdomain.net), upload a Certificate Request and download your new signed certificate. This was nicely explained at the Gentoo Wiki, so it was a relatively painless operation. The only thing to remember is to use your website’s hostname (e.g.: pugsplace.net) for the Common Name field, even though the prompt (on my version of openssl) said “Enter your name.”.

Sidenote: to install CAcert’s root certificate in your web browser so that your browser trusts them, just click here: CACert’s Root Certificate (PEM Format).