Creating A Self-Signed Certificate - Red Hat ENTERPRISE LINUX 3 System Administration Manual

Chapter 27. Apache HTTP Secure Server Configuration

The default answers appear in brackets [] immediately after each request for input. For example, the first information required is the name of the country where the certificate will be used, shown like the following:

    Country Name (2 letter code) [GB]:

The default input, in brackets, is GB. To accept the default, press [Enter], or fill in your country's two letter code.

You have to type in the rest of the values. All of these should be self-explanatory, but you need to follow these guidelines:

- Do not abbreviate the locality or state. Write them out (for example, St. Louis should be written out as Saint Louis).
- If you are sending this CSR to a CA, be very careful to provide correct information for all of the fields, but especially for the Organization Name and the Common Name. CAs check the information provided in the CSR to determine whether your organization is responsible for what you provided as the Common Name. CAs reject CSRs which include information they perceive as invalid.
- For Common Name, make sure you type in the real name of your secure server (a valid DNS name) and not any aliases which the server may have.
- The Email Address should be the email address for the webmaster or system administrator.
- Avoid any special characters like @, #, &, !, etc. Some CAs reject a certificate request which contains a special character. So, if your company name includes an ampersand (&), spell it out as "and" instead of "&."
- Do not use either of the extra attributes (A challenge password and An optional company name). To continue without entering these fields, just press [Enter] to accept the blank default for both inputs.

The file /etc/httpd/conf/ssl.csr/server.csr is created when you have finished entering your information. This file is your certificate request, ready to send to your CA.

After you have decided on a CA, follow the instructions they provide on their website. Their instructions tell you how to send your certificate request, any other documentation that they require, and your payment to them.

After you have fulfilled the CA's requirements, they send a certificate to you (usually by email). Save (or cut and paste) the certificate that they send you as /etc/httpd/conf/ssl.crt/server.crt. Be sure to keep a backup of this file.
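
The field guidelines above can be checked before the answers are typed into the prompts. The following Python check is an added example, not part of the Red Hat manual; the function names, the prompt names "State or Province Name" and "Locality Name", the exemption of Email Address from the special-character rule, the two-label requirement for a DNS name, and the sample answers are assumptions.

```python
import re

SPECIAL = set("@#&!")  # the four characters the guideline names; "etc." is not expanded
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # one DNS label
ABBREV = re.compile(r"\b[A-Z][a-z]{0,3}\.")  # heuristic: "St.", "Mt.", "D.C."

def is_dns_name(name):
    # Assumption: a usable Common Name is fully qualified (two or more labels).
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.match(l) for l in labels)

def check_csr_fields(fields, server_name=None):
    """Return (field, problem) pairs for answers that break the guidelines."""
    problems = []
    for key in ("State or Province Name", "Locality Name"):
        if ABBREV.search(fields.get(key, "")):
            problems.append((key, "abbreviated; write the name out"))
    for key in ("Organization Name", "Common Name"):
        if not fields.get(key, "").strip():
            problems.append((key, "empty, but CAs check this field"))
    cn = fields.get("Common Name", "").strip()
    if cn and not is_dns_name(cn):
        problems.append(("Common Name", "not a valid DNS name"))
    elif cn and server_name and cn.lower() != server_name.lower():
        problems.append(("Common Name", "differs from the server's real name"))
    for key, value in fields.items():
        # Assumption: Email Address is exempt, since an address needs "@".
        if key != "Email Address" and SPECIAL & set(value):
            problems.append((key, "contains a special character"))
    for key in ("A challenge password", "An optional company name"):
        if fields.get(key, ""):
            problems.append((key, "extra attribute should stay blank"))
    return problems

# Constructed sample answers (not from the manual) with three violations.
SAMPLE = {
    "Country Name (2 letter code)": "US",
    "State or Province Name": "Missouri",
    "Locality Name": "St. Louis",
    "Organization Name": "Example & Sons",
    "Common Name": "www",
    "Email Address": "webmaster@example.com",
    "A challenge password": "",
    "An optional company name": "",
}

if __name__ == "__main__":
    for field, problem in check_csr_fields(SAMPLE, server_name="www.example.com"):
        print(f"{field}: {problem}")
```

Passing the server's real host name as server_name lets the check flag a Common Name that is a well-formed DNS name but an alias.
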

27.8. Creating a Self-Signed Certificate

You can create your own self-signed certificate. Note that a self-signed certificate does not provide the security guarantees of a CA-signed certificate. See Section 27.5 Types of Certificates for more details about certificates.

To make your own self-signed certificate, first create a random key using the instructions provided in Section 27.6 Generating a Key. Once you have a key, make sure you are in the /usr/share/ssl/certs directory, and type the following command:

    make testcert

The following output is shown, and you are prompted for your passphrase (unless you generated a key without a passphrase):