Index: openacs-4/packages/acs-core-docs/www/install-ssl.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-ssl.adp,v diff -u -N -r1.1.2.1 -r1.1.2.2 --- openacs-4/packages/acs-core-docs/www/install-ssl.adp 23 Sep 2015 11:54:39 -0000 1.1.2.1 +++ openacs-4/packages/acs-core-docs/www/install-ssl.adp 23 Jun 2016 08:32:45 -0000 1.1.2.2 @@ -38,8 +38,8 @@ approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this -section, we'll generate an unsigned certificate which will work in -most browsers, albeit with pop-up messages.

Use an OpenSSL perl script to generate a certificate and +section, we'll generate an unsigned certificate which will work +in most browsers, albeit with pop-up messages.

Use an OpenSSL perl script to generate a certificate and key.

Debian users: use /usr/lib/ssl/misc/CA.pl instead of /usr/share/ssl/CA

Mac OS X users: use perl /System/Library/OpenSSL/misc/CA.pl -newcert instead of /usr/share/ssl/CA
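
Review bot: the re-wrapped sentence "we'll generate an unsigned certificate which will work in most browsers" keeps an inaccurate term, and since the line is being touched anyway it should be corrected. A certificate produced with CA.pl -newcert, as shown in the Mac OS X line, is self-signed rather than unsigned. Suggest "a self-signed certificate", which also explains to the reader why browsers show the warning: the signature is present but does not chain to a trusted CA.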

@@ -58,13 +58,12 @@
 

newreq.pem contains our certificate and private key. The key is protected by a passphrase, -which means that we'll have to enter the pass phrase each time the -server starts. This is impractical and unnecessary, so we create an -unprotected version of the key. Security -implication: if anyone gets access to the file -keyfile.pem, they effectively own the key as much as you do. -Mitigation: don't use this key/cert combo for anything besides -providing ssl for the web site.

+which means that we'll have to enter the pass phrase each time
+the server starts. This is impractical and unnecessary, so we
+create an unprotected version of the key. Security implication: if anyone gets
+access to the file keyfile.pem, they effectively own the key as
+much as you do. Mitigation: don't use this key/cert combo for
+anything besides providing ssl for the web site.

 [root misc]# openssl rsa -in newreq.pem -out keyfile.pem
 read RSA key
 Enter PEM pass phrase:
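
Review bot: the "Mitigation" sentence in the re-wrapped paragraph only addresses key reuse and says nothing about protecting keyfile.pem on disk, even though the same paragraph states that anyone with access to the file owns the key. Suggest adding that keyfile.pem must be readable only by the account the web server runs as (for example mode 0400 or 0600) and that the reader should check the file's owner and mode right after the openssl rsa -in newreq.pem -out keyfile.pem step, since that step is shown being run as root. As a style point, "ssl" in the last added line would read better as "SSL".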