M. Fioretti wrote:
On Fri, Jun 15, 2007 15:21:31 PM -0500, Jay Leafey
(jay.leafey@xxxxxxxxxxxx) wrote:
I have a strong aversion to re-inventing the wheel,
Me too, unless when it's a hidden wheel. Fact is, this is the *first*
time I hear mention of this approach. See my original comments about
SSL being one of the worst (doc-wise) areas in FOSS... Thanks.
# *openssl genrsa -out /etc/ssl/private/server.key 1024*
# *openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr*
# *openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \
-signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt*
perhaps change the directories to match whatever your given apache version is running.
my apache dirs at present are like: /usr/local/apache/conf/ssl/
but the stock httpd on centos may be different, you get the idea though.
reading the existing centos scripts is fun too.
**
So, you confirm that "make server_and_key.pem" would do what I wrote
in the original message, self-signing and no key encryption included?
No big deal if key and server end up in the same file.
Thanks,
Marco
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
