M. Fioretti wrote: > On Fri, Jun 15, 2007 15:21:31 PM -0500, Jay Leafey > (jay.leafey at mindless.com) wrote: > > >> I have a strong aversion to re-inventing the wheel, >> > > Me too, unless when it's a hidden wheel. Fact is, this is the *first* > time I hear mention of this approach. See my original comments about > SSL being one of the worst (doc-wise) areas in FOSS... Thanks. > # *openssl genrsa -out /etc/ssl/private/server.key 1024* # *openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr* # *openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \ -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt* perhaps change the directories to match whatever your given apache version is running. my apache dirs at present are like: /usr/local/apache/conf/ssl/ but the stock httpd on centos may be different, you get the idea though. reading the existing centos scripts is fun too. ** > So, you confirm that "make server_and_key.pem" would do what I wrote > in the original message, self-signing and no key encryption included? > No big deal if key and server end up in the same file. > > Thanks, > Marco > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >