Generating and installing a self-signed SSL certificate
This tutorial explains how to generate a self-signed SSL certificate and install it on your site.
Generating a private key
- Open the console.
- Select SSL/TLS Certificates.
- Press Add in the Private Keys table.
- Enter a name of your choice for the new key you'll generate. For example, enter console_key in Name.
- Set Action to Generate.
- Set Type to RSA 2048 bit to have the best level of security.
- Press OK.
Abyss Web Server will spend a few seconds to compute the new key. If your computer is slow or overloaded, generating a key could need up to a minute.
Generating a self-signed certificate
- Press Add in the Certificates table.
- Enter a name of your choice for the new certificate which will be generated. For example, enter test_cert in Name.
- Set Private Key to the key you have just generated.
- Set Type to Self-Signed certificate.
- Enter the name of the site in Host Name (Common Name). For example, if your site is to be accessed using https://www.example.com, enter www.example.com and not example.com.
- Fill the other fields with your information: These will be included in the self-signed certificate. Note that the 2-letter code of the United Kingdom is GB. For a detailed list of country codes, please refer to the official ISO 3166-1-alpha-2 codes listing.
- Press OK.
- Press OK one more time to leave the SSL/TLS Certificates dialog.
Assigning the certificate to a host
If you are using Abyss Web Server X1
- Press Configure in the Hosts table.
- Select General.
- Set Protocol to HTTPS.
- Set HTTPS Port to 443 (its default value) or to another value if that port is already used by another application.
- Select the certificate you've just generated in Certificate.
- Press OK.
- Press Restart.
If you are using Abyss Web Server X2
You can add a new host which Protocol is HTTPS or HTTP+HTTPS and which Certificate is set to the certificate you have just created.
Alternatively, you can edit an already declared host, change its Protocol from HTTP to HTTPS or HTTP+HTTPS, and choose the certificate you have just created to be used by it.
Testing the SSL-enabled host
Now try accessing your site using https://SITE instead of http://SITE.
The browser will open a warning dialog where it asks you to confirm that you really want to access that URL which has a certificate signed by an unknown authority (which is you in that case).
Confirm that you still want to access and your browser will display the site properly. You will also notice that the page is secured (a padlock will be displayed in the status bar or your address bar color will be altered).
Note about the Protocol field
If Protocol is set to HTTPS, the host will only be accessible using https://SITE.
If Protocol is set to HTTP+HTTPS, the host will be accessible using both http://SITE and https://SITE. HTTP+HTTPS is only available in the professional edition Abyss Web Server X2.
Note about the security of self-signed certificates
A site using a self-signed certificate offers the same security as a site using a certificate signed by a certification authority since the encryption is private key dependent only. But consider that self-signed certificates cannot be trusted by visitors who do not know you. So use them only for tests or for sites which access is limited and which visitors trust you (for example in an Intranet or for a family Web site).