Transport Layer Security (TLS), like its predecessor Secure Sockets Layer (SSL), does not require a digital certificate issued by one of the well-known (trusted) certification authorities (CAs) when authentication of the server is not of particular interest. A so-called self-signed certificate (i.e. an identity certificate signed by the same entity whose identity it certifies) is enough to encrypt the connection, although it does not by itself prove the server's identity to the client.
1) Generate a self-signed certificate, depending on the particular server environment (e.g. using keytool).
2) Configure the server to serve the requests over HTTPS.
3) Inform the client about the need to whitelist the self-signed certificate.
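For Apache 2, generate the certificate and enable the SSL module from the shell:
apache2-ssl-certificate
a2enmod ssl
Then configure the server to listen on port 443 with SSL enabled:
Listen 443
ServerName earth.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem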
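Steps 1 and 3 done with the openssl command line, as an added example that is not part of the original page: it creates a self-signed certificate for the ServerName used above, builds the combined key-plus-certificate PEM that a lone SSLCertificateFile expects, and prints the SHA-256 fingerprint a client can compare before whitelisting. The openssl tool (1.1.1 or later for -addext), the file names and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example with constructed values; assumes the openssl CLI is installed.

# make_selfsigned DIR CN: private key + self-signed certificate, plus one
# combined PEM (key and certificate together, as a lone SSLCertificateFile needs).
make_selfsigned() {
    (   umask 077    # keep the private key unreadable for other users
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
            -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
        cat "$1/server.key" "$1/server.crt" > "$1/apache.pem" )
}

# is_self_signed CERT: issuer equals subject, and the certificate verifies
# when it is used as its own trust anchor.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# key_matches_cert PEM: the private key in the combined file belongs to the
# certificate in it (both must yield the same public key).
key_matches_cert() {
    a=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
    [ "$a" = "$b" ]
}

# fingerprint CERT: SHA-256 fingerprint for the client to compare out of band
# before whitelisting the certificate (step 3).
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo in a throwaway directory, using the ServerName from the configuration.
tmp=$(mktemp -d)
make_selfsigned "$tmp" earth.my.flat
is_self_signed "$tmp/server.crt" && echo "self-signed: yes"
key_matches_cert "$tmp/apache.pem" && echo "key matches certificate"
echo "fingerprint to give to clients: $(fingerprint "$tmp/server.crt")"
rm -rf "$tmp"
```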
To obtain a working key for IIS Server, you need to create the key in the IIS Manager Console.
1. Create a new Certificate Request in the IIS Management Console for the specified website.
2. The newly created request now has to be signed. For this you can use a Certification Authority (CA) such as Thawte or VeriSign; they also provide temporary certificates for testing purposes.
It is also possible to do this step yourself by using the "IIS 6.0 Resource Kit Tools".
3. Copy the whole text of the Certificate Request generated by IIS into the CA's enrollment form and select the format (in this case IIS 5.0 or 6.0).
4. The CA will now generate a certificate, which you can store in a *.cer file.
5. Take this file and assign it to the pending request in IIS; SSL authentication should then work.