To activate your Web server's SSL security features, you must obtain and install a valid server certificate. Server certificates are digital identifications containing information about your Web server and the organization that is sponsoring the server's Web content. A server certificate enables users to authenticate your server, check the validity of the Web content, and establish an encrypted connection. The server certificate also contains a public key, which is used in creating an encrypted connection between the client and server.
The success of a server certificate as a means of identification depends on whether the user trusts the validity of the information that is contained in the certificate. For example, a user logging on to your company's Web site might be hesitant to provide credit card information, despite having viewed the contents of your company's server certificate. This might be especially true if your company is new and not well known. If this is the case, consider obtaining a server certificate from a certification authority.
Alternatively, depending on your organization's relationship with its Web site users, you can issue your own server certificates. For example, in the case of a large corporate intranet handling employee payroll and benefits information, corporate management might decide to run a certificate service assuming responsibility for validating identification information and issuing server certificates. For more information see Obtaining and Installing Server Certificates.