M. Fioretti wrote:
On Fri, Jun 15, 2007 15:21:31 PM -0500, Jay Leafey (jay.leafey@mindless.com) wrote:
I have a strong aversion to re-inventing the wheel,
Me too, unless when it's a hidden wheel. Fact is, this is the *first* time I hear mention of this approach. See my original comments about SSL being one of the worst (doc-wise) areas in FOSS... Thanks.
# *openssl genrsa -out /etc/ssl/private/server.key 1024*
# *openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr*
# *openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \ -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt*
perhaps change the directories to match whatever your given apache version is running.
my apache dirs at present are like: /usr/local/apache/conf/ssl/
but the stock httpd on centos may be different, you get the idea though.
reading the existing centos scripts is fun too.
**
So, you confirm that "make server_and_key.pem" would do what I wrote in the original message, self-signing and no key encryption included? No big deal if key and server end up in the same file.
Thanks, Marco _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos