20.8. Creating a Self-Signed Certificate
You can create your own self-signed certificate. Note that a
self-signed certificate does not provide the security guarantees
of a CA-signed certificate. See Section 20.5 Types of Certificates for more details about certificates.
If you would like to make your own self-signed certificate, you will
first need to create a random key using the instructions provided in
Section 20.6 Generating a Key. Once you have a key,
make sure you are in the /usr/share/ssl/certs
directory, and type the following command:
You will see the following output, and you will be prompted for your passphrase
(unless you generated a key without a passphrase):
(you will
need to provide the correct information for your organization and host):
few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:North Carolina
Locality Name (eg, city) [Newbury]:Raleigh
Organization Name (eg, company) [My Company Ltd]:My Company, Inc.
Organizational Unit Name (eg, section) []:Documentation
Common Name (your name or server's hostname) []:myhost.example.com
Email Address []:myemail@example.com |
After you provide the correct information, a self-signed certificate
will be created in
/etc/httpd/conf/ssl.crt/server.crt. You will need to
restart your secure server after generating the certificate with
following the command:
/sbin/service httpd restart |
