You can create your own self-signed certificate. Note that a
self-signed certificate does not provide the security guarantees of
a CA-signed certificate. Refer to Section 26.5 Types of
Certificates for more details about certificates.
To make your own self-signed certificate, first create a random
key using the instructions provided in Section 26.6 Generating a
Key. Once you have a key, make sure you are in the
/usr/share/ssl/certs/ directory, and type
the following command:
The following output is shown and you are prompted for your
passphrase (unless you generated a key without a passphrase):
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key
-x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf
Enter pass phrase:
|
Next, you are asked for more information. The computer's output
and a set of inputs looks like the following (provide the correct
information for your organization and host):
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:North Carolina
Locality Name (eg, city) [Newbury]:Raleigh
Organization Name (eg, company) [My Company Ltd]:My Company, Inc.
Organizational Unit Name (eg, section) []:Documentation
Common Name (your name or server's hostname) []:myhost.example.com
Email Address []:[email protected]
|
After you provide the correct information, a self-signed
certificate is created in /etc/httpd/conf/ssl.crt/server.crt. Restart the
secure server after generating the certificate with following the
command:
/sbin/service httpd restart
|
