User`s guide
Miscellaneous Procedures 523
Administering Security Certificates for HTTPS and SSH on the OnSite
default_keyfile = ./private/cakey.pem
default_md = md5
prompt = no
distinguished_name = root_ca_distinguished_name
x509_extensions = root_ca_extensions # Extensions to add to the self
# signed cert
[ root_ca_distinguished_name ]
commonName = Example CA
stateOrProvinceName = mystate
countryName = US
emailAddress = myname
organizationName = Cyclades
[ root_ca_extensions ]
basicConstraints = CA:TRUE
#################################################################
Figure 8-1: /etc/openssl.cnf
The following table shows the tasks for obtaining a signed certificate and
where the tasks are documented.
Table 8-4: Tasks for Obtaining an SSL Signed Certificate from a CA
Task Where Documented
Regenerating the local self-signed certificate so it
contains information specific to your
organization. (This should usually be done only
as a temporary measure while awaiting a signed
certificate from a CA.)
“To Configure an SSL Certificate With
Your Organization’s Data” on page 524
Obtaining a signed certificate from a CA in either
of the two following ways:
• By setting up a local CA and generating your
own certificate
• By requesting a certificate from an official CA
“To Obtain an Signed Certificate From
a Certificate Authority” on page 526