| Red Hat Linux 7.0: The Official Red Hat Linux Reference Guide | ||
|---|---|---|
| Prev | Chapter 11. Obtaining a Certificate for your Secure Server | Next |
You can create your own self-signed certificate. Please note that a self-signed certificate will not provide the security guarantees provided by a CA-signed certificate. See the section called Types of Certificates for more details about certificates.
If you'd like to make your own self-signed certificate, you'll first need to create a random key using the instructions provided in the section called Generating a Key. Once you have a key, use the following command:
make testcert |
You'll see the following output and you'll be prompted for your password (unless you generated a key without a password):
umask 77 ; \ /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt Using configuration from /usr/share/ssl/openssl.cnf Enter PEM pass phrase: |
After you enter your password (or without a prompt if you created a key without a password), you'll be asked for more information. The computer's output and a set of inputs looks like the following (you'll need to provide the correct information for your organization and host):
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:North Carolina Locality Name (eg, city) []:Durham Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company, Inc. Organizational Unit Name (eg, section) []:Documentation Common Name (eg, your name or your server's hostname) []:myhost.mydomain.com Email Address []:myemail@mydomain.com |
After you provide the correct information, a self-signed certificate will be created and placed in /etc/httpd/conf/ssl.crt/server.crt. You'll need to re-start your secure server after generating the certificate. See the section called Starting and Stopping Apache for instructions on stopping and starting your secure Web server.