Certificates

The Certificates app allows you to generate SSL certificates for use with arkOS websites or services. These certificates are appended to the service in question, and once this is complete, SSL is automatically enabled and functioning on the service.

How to Use
The main application pane lists certificates that you have on your system that are recognized by Genesis. From here, click Generate certificate to generate a new certificate. The Generate Certificate dialog has the following options:


 * Certificate Name: An internal name that will show up in Genesis and on your hard drive. Required.
 * Country: A two-letter indication of your country, such as “US” for the United States or “CA” for Canada.
 * State or Province: Your state or province of residence.
 * Locality: Your city, town, village or township of residence.
 * Server Address: The address with which your SSL certificate is registered (domain name or IP address). This is not mandatory but is highly recommended for websites operating on the public Internet. If provided, this certificate will only work when the site or plugin it is registered to is accessed via this address.
 * Email: Your email address.
 * Assign to: A list of servers or websites that you can assign this SSL certificate to. You can also assign it to use with Genesis. You don’t have to assign it to something now. If you want, you can do so later in the Info panel.

The pane lists different certificates you generated, as well as basic information about each one. Click the Info button to display a dialog with more information. The Info dialog displays a list of services that you can assign this plugin to. Click Assign or Unassign as necessary. Once you unassign a service from a certificate, SSL is disabled and unusable on that service until you assign another SSL certificate to it.

Click Delete to delete a certificate. This disables SSL on any services that were assigned to the certificate before deletion.

Self-signed versus third-party
Both self-signed and third-party certificates let you encrypt traffic across the public Internet. However, third-party certificates undergo tests by a trusted third-party (known as a Certificate Authority) to verify that the owner of the certificate matches the owner of the website. Third-party certificates are recommended for websites open to the general public. Self-signed certificates are fine for personal use.

If the certificate is solely for your own use, self-signed certificates technically offer the highest level of security (since you avoid delegating trust to a third-party). However, self-signed certificates display a warning in the web browser since the browser can't verify the certificate with a Certificate Authority. Certificates from trusted third-parties bypass the warning messages in browsers but usually require a fee for this service. StartCom offers free certificates for non-commercial use.