[CentOS] which commands do you use to SSL certify your own server?
Karl R. Balsmeier
karl at klxsystems.net
Sat Jun 16 00:14:55 UTC 2007
M. Fioretti wrote:
> On Fri, Jun 15, 2007 15:21:31 PM -0500, Jay Leafey
> (jay.leafey at mindless.com) wrote:
>> I have a strong aversion to re-inventing the wheel,
> Me too, unless when it's a hidden wheel. Fact is, this is the *first*
> time I hear mention of this approach. See my original comments about
> SSL being one of the worst (doc-wise) areas in FOSS... Thanks.
# *openssl genrsa -out /etc/ssl/private/server.key 1024*
# *openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr*
# *openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \
-signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt*
perhaps change the directories to match whatever your given apache version is running.
my apache dirs at present are like: /usr/local/apache/conf/ssl/
but the stock httpd on centos may be different, you get the idea though.
reading the existing centos scripts is fun too.
> So, you confirm that "make server_and_key.pem" would do what I wrote
> in the original message, self-signing and no key encryption included?
> No big deal if key and server end up in the same file.
> CentOS mailing list
> CentOS at centos.org
More information about the CentOS