Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION Administration Manual page 419
Hide thumbs
Also See for LINUX ENTERPRISE SERVER 11 - ADMINISTRATION:
- Installation (5 pages) ,
- Manual (450 pages)
Table of Contents
Advertisement
The last step is to copy the CA certificate file from /etc/apache2/ssl.crt/ca
.crt to a location where your users can access it in order to incorporate it into the list
of known and trusted CAs in their Web browsers. Otherwise a browser complains that
the certificate was issued by an unknown authority. The certificate is valid for one year.
IMPORTANT: Self-Signed Certificates
Only use a self-signed certificate on a Web server that is accessed by people
who know and trust you as a certificate authority. It is not recommended to
use such a certificate on a public shop, for example.
Getting an Officially Signed Certificate
There are a number of official certificate authorities that sign your certificates. The
certificate is signed by a trustworthy third party, so can be fully trusted. Publicly oper-
ating secure Web servers usually have got an officially signed certificate.
The best-known official CAs are Thawte (http://www.thawte.com/) or Verisign
(http://www.verisign.com). These and other CAs are already compiled into
all browsers, so certificates signed by these certificate authorities are automatically ac-
cepted by the browser.
When requesting an officially signed certificate, you do not send a certificate to the
CA. Instead, issue a Certificate Signing Request (CSR). To create a CSR, call the script
/usr/share/ssl/misc/CA.sh -newreq.
First the script asks for a password with which the CSR should be encrypted. Then you
are asked to enter a distinguished name. This requires you to answer a few questions,
such as country name or organization name. Enter valid data—everything you enter
here later shows up in the certificate and is checked. You do not need to answer every
question. If one does not apply to you or you want to leave it blank, use ".". Common
name is the name of the CA itself—choose a significant name, such as My company
CA. Last, a challenge password and an alternative company name must be entered.
Find the CSR in the directory from which you called the script. The file is named
newreq.pem.
The Apache HTTP Server
405
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION
Related Products for Novell LINUX ENTERPRISE SERVER 11 - ADMINISTRATION
- NOVELL LINUX ENTERPRISE DESKTOP 10 - IPRINT CLIENT
- NOVELL LINUX ENTERPRISE DESKTOP 11 - OPENOFFICE
- NOVELL LINUX ENTERPRISE SERVER 10 - STORAGE ADMINISTRATION GUIDE FOR EVMS
- NOVELL LINUX ENTERPRISE SERVER 11 - STORAGE ADMINISTRATION GUIDE 2-23-2010
- NOVELL LINUX ENTERPRISE SERVER 11 - DEPLOYMENT
- NOVELL LINUX ENTERPRISE SERVER 11 - VIRTUALIZATION
- NOVELL LINUX ENTERPRISE SERVER STARTER SYSTEM
- NOVELL LINUX ENTERPRISE DESKTOP 10
- NOVELL LINUX ENTERPRISE SERVER 10 SP2 - VIRTUALIZATION WITH XEN
- Novell eBook Reader
- NOVELL LINUX ENTERPRISE DESKTOP 11 - ADMINISTRATION GUIDE 17-03-2009
- NOVELL LINUX ENTERPRISE DESKTOP 11 - GNOME
- NOVELL LINUX ENTERPRISE DESKTOP 11 - GNOME 17-03-2009
- NOVELL LINUX ENTERPRISE DESKTOP 11 - KDE
- NOVELL LINUX ENTERPRISE DESKTOP 11 - KDE 17-03-2009
- Novell 3.6 05-2008