SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are two technologies that enable secure communications on a massive global scale. To facilitate SSL or TLS encryption between any two computers, an X.509 Digital Certificate is required on at least one end of the connection. The Digital Certificate is usually installed at the Server end because that makes it simple for any end user to make a secure SSL or TLS connection to the server without a Digital Certificate on the client end. A trusted third party called a CA (Certificate Authority) like VeriSign, Entrust, GeoTrust, or GoDaddy asserts the authenticity of the Digital Certificate with a Digital Signature so that the client knows that the Server isn't fake. This trust comes from the fact that these Certificate Authorities have their Root Certificates with Public Keys pre-installed in nearly every Operating System and Application on the market.
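The trust relationship described above, as an added example that is not part of the original post: a throwaway root CA signs a server's certificate request, and a client accepts the resulting certificate only when that root is its trust anchor. The names (Example Root CA, Unrelated Root CA, vpn.example.test) are constructed, and the script assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example: all names and files below are constructed for illustration.
set -eu

# make_pki DIR: build a throwaway root CA, an unrelated root, and a CA-signed server cert.
make_pki() {
  local d="$1"
  # The CA's self-signed root certificate: the part that ships pre-installed
  # in operating systems and applications.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # A second root standing in for a CA that did not issue the server's certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Unrelated Root CA" \
    -keyout "$d/other.key" -out "$d/other.crt" 2>/dev/null
  # The server administrator generates a key pair and a certificate request (CSR).
  # Only the CSR goes to the CA; server.key never leaves the server.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=vpn.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  # The CA signs the request with its private key, producing the server certificate.
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/server.crt" 2>/dev/null
}

# verify_against ROOT CERT: print "trusted" if CERT chains to ROOT, else "untrusted".
verify_against() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

dir=$(mktemp -d)
make_pki "$dir"
echo "client holding the issuing root:  $(verify_against "$dir/ca.crt" "$dir/server.crt")"
echo "client holding an unrelated root: $(verify_against "$dir/other.crt" "$dir/server.crt")"
rm -rf "$dir"
```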
Therefore, to enable SSL or TLS secure communications on a Server with the general public, Server administrators need to acquire a Digital Certificate from any trusted third party CA, and this is usually done through an offline web-based request. Since I've gotten requests from Administrators who read my blog entry "A secure Wireless LAN hotspot for anonymous users" asking how to go about doing this, I've created the following procedure for buying a Digital Certificate. This procedure works on VPN Concentrators, Web Servers, RADIUS Servers, or anything that uses standard X.509 Digital Certificates.