User Tools

Site Tools


This is an old revision of the document!

How to create an SSL Certificate

The basic mechanism to create an SSL certificate is that you have to generate a CSR (Certificate Signing Request) then send that to a CA (Certificate Authority) who will sign your certificate and give you the certificate back.

When you generate the CSR, you will also generate a Private Key file. This isn't sent anywhere, but is needed, so keep it safe.

VPOP3 requires certificates & private keys to be in .PEM (Privacy Enhanced Mail) format which is a common format used by most people other than Microsoft. There are ways to convert .P12 .PFX and .CER files to PEM format, but those are outside the scope of this article.

There are many ways to generate a CSR, so if you have a favourite program to do that, which can produce the files in .PEM format, feel free to use that. Otherwise, you can use the GenCert program from our website.

Once you have generated the CSR you need to send it to a Certificate Authority. This is typically someone like GeoTrust, Verisign etc. They will charge you (typically somewhere betwee £80 to £800 per year) to sign the certificate, and you will need to prove your identity to the CA by some means. The level of this proof usually depends on the type of certificate. Some will just need you to prove you own that domain (eg by acknowledging that you receive an email to the domain), others will need you to send in copies of documentation.

You can also set up as your own CA. The GenCert program above will let you do this, other programs are available to do this. This is free, but when you access a service using a certificate signed by your own CA, the email client or web browser may warn you that the certificate is not validated properly, and you will need to accept the warning. The data will still be encrypted just as with a £800 Verisign certificate, but the warning may not be desirable, and the server's identity will not be verified. It can be useful to use this method for testing, and then have a recognised CA sign the certificate when you are ready for wider deployment.

We can obtain GeoTrust certificates for you for £49 (+VAT if applicable) per year. Please contact us for details as we need extra information to produce the certificate for you

how_to/create_an_ssl_certificate.1265192589.txt.gz · Last modified: 2018/11/14 10:44 (external edit)