admintasks:makecert
Table of Contents
howto create self-signed certificates
certificate authority
openssl genrsa -des3 -out private/ca.key 2048 openssl req -new -x509 -days 3650 -key private/ca.key -out certs/ca.crt
server certificate
SITE=example_com cd /etc/ssl/ openssl genrsa -out $SITE.key 2048 openssl req -new -sha256 -key $SITE.key -out $SITE.csr openssl ca -out $SITE.crt -infiles $SITE.csr rm newcerts/<index>.pem rm $SITE.csr mv $SITE.key private/ mv $SITE.crt certs/
oder:
openssl req -new -sha256 -subj /CN=$SITE -newkey rsa:2048 -nodes -keyout $SITE.key -out $SITE.csr
self sign:
openssl x509 -req -days 3650 -in $SITE.csr -signkey $SITE.key -out $SITE.crt
httpd.conf:
SSLCertificateFile /etc/ssl/certs/wildcard_30hopsmax_at.crt SSLCertificateKeyFile /etc/ssl/private/wildcard_30hopsmax_at.crt
CSR für CACert mit SubAltNames
admintasks/makecert.txt · Last modified: 2014/08/14 14:02 by hop