Installation guide
Chapter 14. Apache Secure Server Configuration
• Do not use either of the extra attributes (A challenge password and An optional
company name). To continue without entering these fields, just press [Enter] to accept
the blank default for both inputs.
When you have finished entering your information, a file named server.csr will be created.
This file is your certificate request, ready to send to your CA.
After you have decided on a CA, follow the instructions they provide on their website. Their
instructions will tell you how to send your certificate request, any other documentation that
they require, and your payment to them.
After you have fulfilled the CA’s requirements, they will send a certificate to you
(usually by email). Save (or cut and paste) the certificate that they send you as
/etc/httpd/conf/ssl.crt/server.crt.
14.8. Creating a Self-Signed Certificate
You can create your own self-signed certificate. Please note that a self-signed certificate will
not provide the security guarantees provided by a CA-signed certificate. See Section 14.5 for
more details about certificates.
If you would like to make your own self-signed certificate, you will first need to create a
random key using the instructions provided in Section 14.6. Once you have a key, use the
following command:
make testcert
You will see the following output and you will be prompted for your password (unless you
generated a key without a password):
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key
-x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:
After you enter your password (or without a prompt if you created a key without a
password), you will be asked for more information. The computer's output and a set of
inputs look like the following (you will need to provide the correct information for your
organization and host):
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:North Carolina
Locality Name (eg, city) []:Durham
Organization Name (eg, company) [Internet Widgits]:My Company, Inc.
Organizational Unit Name (eg, section) []:Documentation
Common Name (your name or server's hostname) []:myhost.example.com
Email Address []:myemail@example.com
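
The following is an added example, not part of the original guide: shell functions that check a certificate created this way, confirming that it is self-signed, that it belongs to your key, how long it remains valid, and that the key file is private. It assumes a key without a password and works in a scratch directory instead of /etc/httpd/conf; the function names and the req.cnf file are made up for the demonstration.

```sh
#!/bin/sh
# Added example. Scratch paths and the req.cnf file are constructed for the
# demo; the subject values are the sample ones from the prompts above.

# Build an unencrypted key and a 365-day self-signed certificate in "$1" with
# the same "req -new -key ... -x509 -days 365" form that make testcert runs.
make_demo_cert() (
    umask 077    # as in the make output: new files are owner-only
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
C = US
ST = North Carolina
O = My Company, Inc.
CN = myhost.example.com
EOF
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -x509 -days 365 \
        -config "$1/req.cnf" -out "$1/server.crt"
)

# Subject equals issuer and the signature verifies under the certificate's
# own key: no CA vouches for it.
cert_is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# The certificate carries the public half of the private key in "$2".
cert_matches_key() {
    pub=$(openssl x509 -in "$1" -noout -pubkey) &&
    [ "$pub" = "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# The certificate is still valid "$2" days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Group and others have no permission bits on the key file.
key_is_private() {
    case "$(ls -ld "$1")" in -???------*) return 0 ;; *) return 1 ;; esac
}
```

Each function returns success or failure, so it can be used directly in an if statement against your real server.crt and server.key.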