[CentOS] which commands do you use to SSL certify your own server?

Karl R. Balsmeier karl at klxsystems.net
Sat Jun 16 00:14:55 UTC 2007

M. Fioretti wrote:
> On Fri, Jun 15, 2007 15:21:31 PM -0500, Jay Leafey
> (jay.leafey at mindless.com) wrote:
>> I have a strong aversion to re-inventing the wheel,
> Me too, unless when it's a hidden wheel. Fact is, this is the *first*
> time I hear mention of this approach. See my original comments about
> SSL being one of the worst (doc-wise) areas in FOSS... Thanks.

    # *openssl genrsa -out /etc/ssl/private/server.key 1024*

    # *openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr*

    # *openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \
           -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt* 

    perhaps change the directories to match whatever your given apache version is running.

    my apache dirs at present are like:  /usr/local/apache/conf/ssl/

    but the stock httpd on centos may be different, you get the idea though.

    reading the existing centos scripts is fun too.


> So, you confirm that "make server_and_key.pem" would do what I wrote
> in the original message, self-signing and no key encryption included?
> No big deal if key and server end up in the same file.
> Thanks,
> 	Marco
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

More information about the CentOS mailing list