...
From the results, we chose a free simple SSL certificate from the CA StartCom in a SSL certificate package called StartSSL Free.
SSL Setup (using openssl)
...
Server
...
Server keys must be generated for the the [Certificate Signing Request (CSR)|http://en.wikipedia.org/wiki/Certificate_signing_request]. There is more than one option to create the keys but openssl seems to be the more straight forward and popular choice.
Openssl will create one key at a time where as utilities such as IBM's ikeyman can create both in one step. The private key is needed to complete the CSR. When it comes time for renewal, you can use your existing private key to generate the CSR and public key OR generate a new one. It is to be determined whether it is best practice to create a new private key every time the keys expire or to use your existing one.
Generate Server Private Key
There are two options for generating the keyskey,
- Without Passphrase Encryption
- With Passphrase Encryption
...