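You can create your own self-signed certificate. Note that a self-signed certificate does not provide the security guarantees of a certificate signed by a CA. See Section 20.5 for more details about certificates.
To make a self-signed certificate, first create a random key by following the instructions in Section 20.6. Once you have a key, make sure you are in the /usr/share/ssl/certs directory, then type the following command: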
make testcert
You will see the following output, and you will be prompted for your passphrase (unless you generated a key without a passphrase):
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:
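After you enter your passphrase (there is no prompt if you created a key without a passphrase), you will be asked for more information. The computer's output and a set of sample inputs look like the following (you will need to provide the correct information for your host and organization):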
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:North Carolina
Locality Name (eg, city) [Newbury]:Raleigh
Organization Name (eg, company) [My Company Ltd]:My Company, Inc.
Organizational Unit Name (eg, section) []:Documentation
Common Name (your name or server's hostname) []:myhost.example.com
Email Address []:myemail@example.com
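After you provide the correct information, the self-signed certificate is created in /etc/httpd/conf/ssl.crt/server.crt. After generating the certificate, restart the secure server with the following command: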
/sbin/service httpd restart
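Before restarting the server it is worth confirming that the new certificate really is self-signed, pairs with the key you created, and carries the expected lifetime. The script below is an added example, not part of the original manual; the function names and the throwaway demo files are assumptions, and it expects an openssl binary that provides the pkey subcommand.

```shell
#!/bin/sh
# Added example: sanity checks for a freshly made self-signed certificate.
# Function names and the temporary demo files are illustrative assumptions.

# True when subject and issuer are the same name, as in a self-signed cert.
cert_subject_is_issuer() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# True when the certificate holds the public half of the given private key.
# A passphrase-protected key makes openssl prompt for the passphrase here.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is still valid $2 days from now.
cert_valid_in_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Build a constructed key and certificate in directory $1, mirroring the
# openssl req options shown above, with -subj replacing the interactive prompts.
make_demo_cert() {
    ( umask 77
      openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
      openssl req -new -key "$1/server.key" -x509 -days 365 \
          -subj "/C=US/ST=North Carolina/L=Raleigh/CN=myhost.example.com" \
          -out "$1/server.crt" 2>/dev/null )
}

# Demo on constructed files; on the server, pass these paths instead:
#   /etc/httpd/conf/ssl.crt/server.crt and /etc/httpd/conf/ssl.key/server.key
demo_dir=$(mktemp -d) && make_demo_cert "$demo_dir" || exit 1
cert_subject_is_issuer "$demo_dir/server.crt" && echo "subject equals issuer"
cert_matches_key "$demo_dir/server.crt" "$demo_dir/server.key" \
    && echo "certificate matches key"
cert_valid_in_days "$demo_dir/server.crt" 30 \
    && echo "valid for at least 30 more days"
rm -rf "$demo_dir"
```

A failed key match means the certificate was generated from a different key than the one the server will load. A failed lifetime check is a reminder that a certificate made with -days 365 has to be regenerated within the year.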