Operation Manual

TIP: For More Information

To learn more about concepts and denitions of SSL/TSL, refer to http://

httpd.apache.org/docs/2.2/ssl/ssl_intro.html.

20.6.1.1 Creating a “Dummy” Certicate

Generating a dummy certicate is simple. Just call the script

/usr/bin/gensslcert. It creates or overwrites the les listed below. Make use

of gensslcert's optional switches to ne-tune the certicate. Call

/usr/bin/gensslcert -h for more information.

•

/etc/apache2/ssl.crt/ca.crt

•

/etc/apache2/ssl.crt/server.crt

•

/etc/apache2/ssl.key/server.key

•

/etc/apache2/ssl.csr/server.csr

•

/root/.mkcert.cfg

A copy of ca.crt is also placed at /srv/www/htdocs/CA.crt for download.

IMPORTANT: For Testing Purposes Only

A dummy certicate should never be used on a production system. Only use

it for testing purposes.

20.6.1.2 Creating a Self-Signed Certicate

If you are setting up a secure Web server for an Intranet or for a dened circle of users,

it might be sufcient if you sign a certicate with your own certicate authority (CA).

Creating a self-signed certicate is an interactive nine-step process. Change into the

directory /usr/share/doc/packages/apache2 and run the following command:

./mkcert.sh make --no-print-directory /usr/bin/openssl

The Apache HTTP Server 391