Revisión del 15:22 30 jul 2008

Self signed certificate

openssl genrsa 2048 > /etc/ssl/private/`hostname`.key
chmod 640 /etc/ssl/private/`hostname`.key
chown root:ssl-cert /etc/ssl/private/`hostname`.key
openssl req -new -key /etc/ssl/private/`hostname`.key -x509 -days 9999 -out /etc/ssl/certs/`hostname`.cert

Own CA (Certification Authority)

Without phass phrase to use with daemons

Modify default parameters

vi /etc/ssl/openssl.cnf

cd /srv
/usr/lib/ssl/misc/CA.pl -newca
chmod 750 /srv/demoCA/private
chmod 640 /srv/demoCA/private/cakey.pem

update "dir"

vi /etc/ssl/openssl.cnf

mkdir /etc/ssl/`hostname -s`
cd /etc/ssl/`hostname -s`
/usr/lib/ssl/misc/CA.pl -newreq-nodes
/usr/lib/ssl/misc/CA.pl -signreq