Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION Administration Manual page 418

7 Generating X.509 certificate signed by own CA
8 Encrypting RSA private key of CA with a pass phrase
9 Encrypting RSA private key of SERVER with a pass phrase
The script's result page presents a list of certificates and keys it has generated. Contrary
to what the script outputs, the files have not been generated in the local directory conf,
but to the correct locations under /etc/apache2/.
404 Administration Guide
IMPORTANT: Selecting a Common Name
The common name you enter here must be the fully qualified hostname
of your secure server (for example, www.example.com). Otherwise the
browser issues a warning that the certificate does not match the server
when accessing the Web server.
Choose certificate version 3 (the default).
for security
It is strongly recommended to encrypt the private key of the CA with a password,
so choose Y and enter a password.
for security
Encrypting the server key with a password requires you to enter this password
every time you start the Web server. This makes it difficult to automatically start
the server on boot or to restart the Web server. Therefore, it is common sense to
say N to this question. Keep in mind that your key is unprotected when not en-
crypted with a password and make sure that only authorized persons have access
to the key.
IMPORTANT: Encrypting the Server Key
If you choose to encrypt the server key with a password, increase the
value for APACHE_TIMEOUT in /etc/sysconfig/apache2. Otherwise
you do not have enough time to enter the passphrase before the attempt
to start the server is stopped unsuccessfully.