您可以建立您自我簽署的憑證,請注意一個自我簽署的憑證並不提供像一個 CA 簽署之憑證的安全性保證。 請參考 菴 20.5 節 以取得關於憑證的更詳細資訊。
假如您想要建立您自我簽署的憑證,首先您必須按照 菴 20.6 節 所提供的指示建立一個亂數金鑰。 一旦您擁有金鑰後,請確定您是位於 /usr/share/ssl/certs 目錄,然後輸入下列的指令:
make testcert |
您將會看到如下的輸出,而且您將會被提示輸入您的通行密碼(除非您產生的金鑰不含通行密碼):
umask 77 ; \ /usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt Using configuration from /usr/share/ssl/openssl.cnf Enter PEM pass phrase: |
在輸入您的通行密碼後(或者假如您建立的金鑰不含通行密碼),您將會被問及以提供更多的資訊,電腦的輸出以及一組輸出將會如下所示(您必須提供關於您的組織與主機的正確資訊):
You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:US State or Province Name (full name) [Berkshire]:North Carolina Locality Name (eg, city) [Newbury]:Raleigh Organization Name (eg, company) [My Company Ltd]:My Company, Inc. Organizational Unit Name (eg, section) []:Documentation Common Name (your name or server's hostname) []:myhost.example.com Email Address []:myemail@example.com |
在您提供完正確的資訊後,一個自我簽署的憑證將會建立在 /etc/httpd/conf/ssl.crt/server.crt 檔案。 在建立這個憑證之後,您必須使用下列指令來重新啟動您的安全伺服器:
/sbin/service httpd restart |