| Red Hat Linux 7.1: The Official Red Hat Linux Reference Guide | ||
|---|---|---|
| Prev | Chapter 13. Using Apache as a Secure Web Server | Next |
You can create your own self-signed certificate. Please note that a self-signed certificate will not provide the security guarantees provided by a CA-signed certificate. See the section called Types of Certificates for more details about certificates.
If you would like to make your own self-signed certificate, you will first need to create a random key using the instructions provided in the section called Generating a Key. Once you have a key, use the following command:
make testcert |
You will see the following output and you will be prompted for your password (unless you generated a key without a password):
umask 77 ; \ /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt Using configuration from /usr/share/ssl/openssl.cnf Enter PEM pass phrase: |
After you enter your password (or without a prompt if you created a key without a password), you will be asked for more information. The computer's output and a set of inputs looks like the following (you will need to provide the correct information for your organization and host):
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:North Carolina Locality Name (eg, city) []:Durham Organization Name (eg, company) [Internet Widgits]:My Company, Inc. Organizational Unit Name (eg, section) []:Documentation Common Name (your name or server's hostname) []:myhost.mydomain.com Email Address []:myemail@mydomain.com |
After you provide the correct information, a self-signed certificate will be created and placed in /etc/httpd/conf/ssl.crt/server.crt. You will need to restart your secure server after generating the certificate. See the section called Starting and Stopping httpd in Chapter 14 for instructions on restarting your secure Web server.