Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 786

Creating a "Dummy" Certificate
Generating a dummy certificate is simple. Just call the script
/usr/bin/gensslcert. It creates or overwrites the following files:
• /etc/apache2/ssl.crt/ca.crt
• /etc/apache2/ssl.crt/server.crt
• /etc/apache2/ssl.key/server.key
• /etc/apache2/ssl.csr/server.csr
A copy of ca.crt is also placed at /srv/www/htdocs/CA.crt for download.
IMPORTANT
A dummy certificate should never be used on a production system. Only use
it for testing purposes.
Creating a Self-Signed Certificate
If you are setting up a secure Web server for an Intranet or for a defined circle of users,
it might be sufficient if you sign a certificate with your own certificate authority (CA).
Creating a self-signed certificate is an interactive nine-step process. Change into the
directory /usr/share/doc/packages/apache2 and run the following command:
./mkcert.sh make --no-print-directory /usr/bin/openssl
/usr/sbin/ custom. Do not attempt to run this command from outside this direc-
tory. The program provides a series of prompts, some of which require user input.
Procedure 40.1 Creating a Self-Signed Certificate with mkcert.sh
1 Decide the signature algorithm used for certificates
2 Generating RSA private key for CA (1024 bit)
768 Installation and Administration
Choose RSA ( R , the default), because some older browsers have problems with
DSA.