Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION Administration Manual page 417

Procedure 27.1 Creating a Self-Signed Certificate with mkcert.sh
1 Decide the signature algorithm used for certificates
Choose RSA ( R , the default), because some older browsers have problems with
DSA.
2 Generating RSA private key for CA (1024 bit)
No interaction needed.
3 Generating X.509 certificate signing request for CA
Create the CA's distinguished name here. This requires you to answer a few
questions, such as country name or organization name. Enter valid data, because
everything you enter here later shows up in the certificate. You do not need to
answer every question. If one does not apply to you or you want to leave it blank,
use ".". Common name is the name of the CA itself—choose a significant name,
such as My company CA.
IMPORTANT: Common Name of the CA
The common name of the CA must be different from the server's com-
mon name, so do not choose the fully qualified hostname in this step.
4 Generating X.509 certificate for CA signed by itself
Choose certificate version 3 (the default).
5 Generating RSA private key for SERVER (1024 bit)
No interaction needed.
6 Generating X.509 certificate signing request for SERVER
Create the distinguished name for the server key here. Questions are almost
identical to the ones already answered for the CA's distinguished name. The data
entered here applies to the Web server and does not necessarily need to be iden-
tical to the CA's data (for example, if the server is located elsewhere).
The Apache HTTP Server 403