On Sat, 14 Jun 2008, Khalid Schofield wrote:
> Hi,
First, I'd recommend that you spend a little time reading up on X.509
certificates and how they relate to public key cryptography. There
are nasty consequences if you get things wrong that extend well past
wasting $100 on a certificate you can't use.
> So do I have to use pass phrases when generating the certificate? If
Certificates don't have passphrases, private keys do. A key passphrase
gives some measure of protection should the file containing your key
fall into someone else's hands, e.g. by compromising your server. If
your private key is disclosed, an attacker could impersonate your server.
> Also if I use a pass phrase do I have to tell apache about it? Does it
Putting it in a configuration file would defeat the purpose, no?
Yes, if you use a passphrase then you need to tell Apache about it every
time it is reloaded. For this reason, many web servers do not set
passphrases on their keys.
> Also what command do you use to do this? Please tell all :)
openssl req
OpenSSL is complex and patchily documented; it assumes that its users
are quite familiar with X.509 certificates and public key cryptography.
There are some frontends that make things more simple, and some good
guides on the net. Try typing "openssl certificate" into your favourite
search engine for a few.
> One last thing who would you recommend to sign my csr?
Go for the cheapest certification authority that is supported by Firefox
and Internet Explorer. Do not be fooled by any claims of "premium
certification" as the overwhelming majority of users do not check the
CA details.
> Thanks sorry for the stupid questions but I've never done this before
Like I said, risking $100 on a dud cert is the least of your worries.
-d
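
The key/CSR split described in the reply above, as an added example that is not part of the original message: it generates a passphrase-protected key, builds a CSR with `openssl req`, confirms the CSR holds only the public half, and writes the passphrase-free copy many web servers use. The passphrase, hostname, file names and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example. DEMO_PASS and DEMO_CN are constructed placeholder values.
# The passphrase is passed via env: so it does not appear in the process list.
DEMO_PASS='demo-only-passphrase'; export DEMO_PASS
DEMO_CN='www.example.test'

# Create an AES-256 encrypted RSA key and a CSR for it in directory $1.
make_key_and_csr() {
    umask 077   # key files must not be readable by other users
    openssl genrsa -aes256 -passout env:DEMO_PASS -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -passin env:DEMO_PASS \
        -subj "/CN=$DEMO_CN" -out "$1/server.csr"
}

# True if the PEM file $1 is an encrypted private key (either PEM flavour).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# True if CSR $1 carries the public key belonging to private key $2.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl rsa -in "$2" -passin env:DEMO_PASS -pubout 2>/dev/null)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Write a passphrase-free copy of key $1 to $2 (no prompt at server reload,
# but file permissions are then the key's only protection).
strip_passphrase() {
    openssl rsa -in "$1" -passin env:DEMO_PASS -out "$2" 2>/dev/null
}

work=$(mktemp -d) || exit 1
make_key_and_csr "$work" || exit 1
key_is_encrypted "$work/server.key" && echo "server.key: passphrase-protected"
key_is_encrypted "$work/server.csr" || echo "server.csr: public data, no passphrase"
csr_matches_key "$work/server.csr" "$work/server.key" &&
    echo "server.csr: contains the public half of server.key"
strip_passphrase "$work/server.key" "$work/server-nopass.key" || exit 1
key_is_encrypted "$work/server-nopass.key" ||
    echo "server-nopass.key: cleartext key, readable by anyone who gets the file"
rm -rf "$work"
```

Only `server.csr` is sent to the certification authority; neither key file ever leaves the server.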
