[lug] self-signed apache certs on fedora core?

Jeffrey Brown jabrown at co.jefferson.co.us
Tue Sep 6 12:11:47 MDT 2005


I never did like the wrapper scripts provided by Linux distributions. If
all you want is a self-signed cert do the following:

Taken from here (wrapped):
http://www.openbsd.org/cgi-bin/man.cgi?query=ssl&sektion=8&apropos=0&manpath=OpenBSD+Current&arch=i386


# openssl genrsa -out /etc/ssl/private/server.key 1024
# openssl req -new -key /etc/ssl/private/server.key -out
/etc/ssl/private/server.csr
# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr -signkey
/etc/ssl/private/server.key -out /etc/ssl/server.crt

I think other details about this can be found in the openssl man pages
such as ca, x509, req and genrsa etc., if those man pages are installed
;)  If you want full blown PKI consider the above commands the
generation of your root certificate (change the days of course), iterate
through it again replacing file names to the new certfile and the
-signkey directive to the original root cert key.


>>> stimits at comcast.net 9/5/2005 5:23:02 PM >>>
Has anyone here found a way to use those provided 
scripts or Makefile to create a self-signed cert? If so, did you edit 
those scripts any? So far I've been able to create everything up to but

not including my private CA (thus I'm unable to sign).



More information about the LUG mailing list