SSL certificates are important in the security and business aspect in the online world. This entails paying a little extra in order to get that extra security your site needs. After all, nobody wants all their data compromised because the site is not secure.
You can get SSL certificates at GoDaddy for a price of course. But what makes these even better is that there are online coupon codes where you can get such certificates at much lesser the original cost.
I use Apache’s HttpClient library for all my URL related needs. It is a marvelous library that does most of the job behind the scenes. Compared the Java’s URL class, it is not as easy to use as Apache’s HttpClient. While using this library, a site that I commonly check for updates threw the exception message javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated.
When I checked the site, it seemed that its SSL certificated had expired. The only workaround for this is to create your own TrustManager. This class actually checks if the SSL certificate is valid. The scheme used by SSL is called X.509 and Java has a specific TrustManager for this scheme, called X509TrustManager.
This handy method created by theskeleton is just the perfect solution to have your HttpClient object bypass any SSL related errors and ensures that it accepts all SSL certificates of a site, whether it is expired or not.
When I do sideline work, I always use Apache HTTP Server as the web server and PHP as the programming language.
This, together with MySQL are totally free and you do not have to worry about money and legal issues and other annoying extra modules needed to be downloaded (say .NET if the PC does not have the framework installed).
Especially in Windows, setting these up is pretty easy (unlike unix based operating systems which is so much of a hassle). Anyway, if you plan to have your site use SSL for secure transactions, you only need 3 files (as this was my experience where the site is hosted with GoDaddy’s).
You need to do the following …
– Generate a KEY file
– Generate the CSR file.
To generate a KEY and a CSR file, you can use OpenSSL to generate them. But you first need to create a KEY file in order to create a CSR file. To generate a KEY file, do this …
There is also an option that will encrypt the KEY file although I did not opt to encrypt it because it is not supported in Windows. At least that was the error that I got in Apache server’s logs.
To avoid confusion, it is best to use your domain name as the name of the files. Although this is not really important since the content of the files are what is really important.
Once you have the CSR file, you can then send the contents of that file to GoDaddy so they can generate you the SSL certificate file with the extension CRT.
Note that you must not delete the KEY file as it is needed when you will configure your web server to use SSL. Upon creating a CSR file, you will be asked some questions. Please take note of the following.
Common Name – this is not the owner’s name whatsoever. The correct value for this is your domain url e.g. www.domain.com Organization Name – The exact legal name of your organization. Do not abbreviate Organization Unit – Section of the organization (not really important. up to you) City or Locality – The city where your organization is located. Do not abbreviate State or Province – The state or province where your organization is legally located. Country – The two-letter country code.