Operation Manual
/usr/sbin/ custom. Do not attempt to run this command from outside this direc-
tory. The program provides a series of prompts, some of which require user input.
Procedure 20.4:
Creating a Self-Signed Certicate with mkcert.sh
1
Decide the signature algorithm used for certificates
Choose RSA (R, the default), because some older browsers have problems with DSA.
2
Generating RSA private key for CA (1024 bit)
No interaction needed.
3
Generating X.509 certificate signing request for CA
Create the CA's distinguished name here. This requires you to answer a few questions,
such as country name or organization name. Enter valid data, because everything
you enter here later shows up in the certicate. You do not need to answer every
question. If one does not apply to you or you want to leave it blank, use “.”. Common
name is the name of the CA itself—choose a signicant name, such as My company
CA.
IMPORTANT: Common Name of the CA
The common name of the CA must be different from the server's common
name, so do not choose the fully qualied hostname in this step.
4
Generating X.509 certificate for CA signed by itself
Choose certicate version 3 (the default).
5
Generating RSA private key for SERVER (1024 bit)
No interaction needed.
6
Generating X.509 certificate signing request for SERVER
Create the distinguished name for the server key here. Questions are almost identical
to the ones already answered for the CA's distinguished name. The data entered here
applies to the Web server and does not necessarily need to be identical to the CA's
data (for example, if the server is located elsewhere).
392 Reference