Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 04-08-2006 Installation Manual page 780

TIP: For More Information
To learn more about concepts and definitions of SSL/TSL, refer to
httpd.apache.org/docs/2.2/ssl/ssl_intro.html.
Creating a "Dummy" Certificate
Generating a dummy certificate is simple. Just call the script
/usr/bin/gensslcert. It creates or overwrites the following files:
• /etc/apache2/ssl.crt/ca.crt
• /etc/apache2/ssl.crt/server.crt
• /etc/apache2/ssl.key/server.key
• /etc/apache2/ssl.csr/server.csr
A copy of ca.crt is also placed at /srv/www/htdocs/CA.crt for download.
IMPORTANT
A dummy certificate should never be used on a production system. Only use
it for testing purposes.
Creating a Self-Signed Certificate
If you are setting up a secure Web server for an Intranet or for a defined circle of users,
it might be sufficient if you sign a certificate with your own certificate authority (CA).
Creating a self-signed certificate is an interactive nine-step process. Change into the
directory /usr/share/doc/packages/apache2 and run the following command:
./mkcert.sh make --no-print-directory /usr/bin/openssl
/usr/sbin/ custom. Do not attempt to run this command from outside this direc-
tory. The program provides a series of prompts, some of which require user input.
Procedure 41.1 Creating a Self-Signed Certificate with mkcert.sh
1 Decide the signature algorithm used for certificates
780 Installation and Administration
http://