HTTPS and Certification for dummies

Solution 1:

Answers (kind of):

  1. No: you need to generate an SSL certificate and a private key (the public key is embedded in the certificate), assuming X.509 certificates.
  2. Yes: generally speaking it is a good idea. For example, when you install the mod_ssl module on an Apache server, it is configured by default to use port 443. For more pointers, look into configuring Apache and mod_ssl.
  3. Yes: to be more precise, the traffic between your browser and the server IS encrypted unless you leave the page (what 'page' means in this case is defined in the configuration on the server; again, look at the Apache configuration).
  4. The browser usually will ask you to add an 'exception' to its SSL connection rules. That happens because your browser does not trust the certificate of your server. To be more precise, it does not trust it because it is not signed by any CA (Certificate Authority) that is trusted by your browser (the so-called 'chain of trust').
  5. Yes and No. If you want all browsers installed by all users on this planet to trust your server: YES. If you want just your browser to trust it: NO; you can always configure your own browser to trust your particular server.

I hope that helps. I know that many of the things I wrote may not be precise enough, but I don't know how broad your current knowledge on the subject is.
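
Points 1, 4 and 5 of the answer above can be reproduced with the `openssl` command line. This is an added example, not part of the original answer; the host name `myserver.example` and the file names `server.key` / `server.crt` are assumptions, and a reasonably recent OpenSSL (1.1.1 or later) is assumed for the exit codes of `openssl verify`.

```sh
#!/bin/sh
# Added illustration: a self-signed certificate, why it is untrusted by
# default, and how explicit trust (the browser "exception") changes that.
# Host name and file names are constructed for this example.

# Point 1: create a private key plus an X.509 certificate that embeds
# the matching public key. Nobody but the key itself signs the certificate.
make_self_signed() {
    mss_dir=$1; mss_host=$2
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$mss_dir/server.key" -out "$mss_dir/server.crt" \
        -days 30 -subj "/CN=$mss_host" >/dev/null 2>&1
}

# The public key inside the certificate must equal the one derived
# from the private key; a server cannot start TLS with a mismatched pair.
key_matches_cert() {
    kmc_cert=$(openssl x509 -in "$1/server.crt" -noout -pubkey)
    kmc_key=$(openssl pkey -in "$1/server.key" -pubout)
    [ "$kmc_cert" = "$kmc_key" ]
}

# Point 4: validate against the default trust store only, as a browser
# does. No trusted CA signed this certificate, so validation fails.
trusted_by_default() {
    openssl verify "$1/server.crt" >/dev/null 2>&1
}

# Point 5: treat this one certificate as a trust anchor, which is what
# adding an exception for a particular server amounts to.
trusted_with_exception() {
    openssl verify -CAfile "$1/server.crt" "$1/server.crt" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_self_signed "$demo_dir" myserver.example
key_matches_cert "$demo_dir" && echo "certificate public key matches private key"
trusted_by_default "$demo_dir" || echo "default trust store: not trusted (browser warning)"
trusted_with_exception "$demo_dir" && echo "explicit trust anchor: trusted"
rm -rf "$demo_dir"
```

Trusting the certificate this way only affects the one client that imports it; every other client still sees the warning, which is the "Yes and No" of point 5.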