OT: SSL for user login/pw

tanger has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I want to start working with a server that uses a secure connection. I have this perl script i'm working on that requires the user to enter his login name and password. Basically i want to use ssl so his name/pw is encrypted while being sent to my server for validation. However, I do not want to pay for a SSL certificate from one of the major companies like Thawte, VeriSign, or GeoTrust. I heard that there was a way where you can just use OpenSSL or something? I'm on a windows machine and the IIS program allows you to provide a SSL certificate? Is the process of making your own SSL certificate easy? Even if its not validated and gives the annoying prompt, it doesn't matter since all i'm using this ssl connection for is to secure the data being transferred (rather then having credibility with the client).

tanger

Comment on OT: SSL for user login/pw

Replies are listed 'Best First'.
Re: OT: SSL for user login/pw by ghenry (Vicar) on Apr 09, 2005 at 15:03 UTC
See http://www.cacert.org/ And http://www.cacert.org/help.php Walking the road to enlightenment... I found a penguin and a camel on the way..... Fancy a yourname@perl.me.uk? Just ask!!!	[reply]
Re: OT: SSL for user login/pw by atcroft (Abbot) on Apr 09, 2005 at 15:04 UTC
Google has several links when you search for "becoming your own CA". It is not a difficult process, as I understand it, though. Hope that helps.	[reply]
Re: OT: SSL for user login/pw by zentara (Cardinal) on Apr 09, 2005 at 17:58 UTC
It's as easy as running this script, and copying the server.key and server.crt to the locations specified in your http.conf file. `#!/bin/sh openssl genrsa 1024 >server.key #openssl genrsa -des3 1024 >server.key #if you want it password protected, this requires an attended bootup openssl req -new -key server.key -x509 -days 365 -out server.crt` [download] I'm not really a human, but I play one on earth. flash japh	[reply] [d/l]