Creating A Self-Signed Certificate - Red Hat ENTERPRISE LINUX 4 System Administration Manual

• Do not use either of the extra attributes (A challenge password and An optional company
name). To continue without entering these fields, just press Enter to accept the blank default for
both inputs.
The file /etc/httpd/conf/ssl.csr/server.csr is created when you have finished entering
your information. This file is your certificate request, ready to send to your CA.
After you have decided on a CA, follow the instructions they provide on their website. Their
instructions tell you how to send your certificate request, any other documentation that they require,
and your payment to them.
After you have fulfilled the CA's requirements, they send a certificate to you (usually by email). Save
(or cut and paste) the certificate that they send you as /etc/httpd/conf/ssl.crt/server.crt.
Be sure to keep a backup of this file.

25.8. Creating a Self-Signed Certificate

You can create your own self-signed certificate. Note that a self-signed certificate does not provide the
security guarantees of a CA-signed certificate. Refer to
details about certificates.
To make your own self-signed certificate, first create a random key using the instructions provided in
Section 25.6, "Generating a
certs/ directory, and type the following command:
make testcert
The following output is shown and you are prompted for your passphrase (unless you generated a key
without a passphrase):
umask 77 ; \
/usr/bin/openssl req -new -key -set_serial num /etc/httpd/conf/ssl.key/server.key
-x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf
Enter pass phrase:
Next, you are asked for more information. The computer's output and a set of inputs looks like the
following (provide the correct information for your organization and host):
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:North CarolinaLocality Name (eg,
city) [Newbury]:RaleighOrganization Name (eg, company) [My Company Ltd]:My Company,
Inc.Organizational Unit Name (eg, section) []:DocumentationCommon Name (your name or server's
hostname) []:myhost.example.comEmail Address []:myemail@example.com
Key". Once you have a key, make sure you are in the /usr/share/ssl/
Creating a Self-Signed Certificate
Section 25.5, "Types of Certificates"
for more
261