Wiki

User Tools

Site Tools

Trace:
ubuntu:certificates:create_a_self-signed_certificate

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
ubuntu:certificates:create_a_self-signed_certificate [2023/06/09 16:22] peterubuntu:certificates:create_a_self-signed_certificate [2023/06/09 16:26] (current) peter
Line 1: Line 1:
 ====== Ubuntu - Certificates - Create a self-signed certificate ====== ====== Ubuntu - Certificates - Create a self-signed certificate ======
 +
 +A self-signed certificate made in this way is sufficient for testing, but should not be used in a production environment.
 +
 +
 +<WRAP info>
 +**NOTE:**  
 +
 +  * Many clients require that the certificate presented by the server be a user (also called “leaf” or “site”) certificate, and not a self-signed certificate.
 +    * In this situation, the self-signed certificate must be installed on the client host as a trusted root certification authority (CA), and the certificate used must be a user certificate signed with that self-signed certificate.
 +
 +  * For information on creating self-signed CA certificates and using them to sign user certificates, see the General implementation overview chapter of the Open-source PKI book, available online at http://ospkibook.sourceforge.net/.
 +
 +</WRAP>
 +
 +----
  
 ===== Prerequisites ===== ===== Prerequisites =====
Line 93: Line 108:
 </WRAP> </WRAP>
  
-<WRAP info> 
-**NOTE:**  A self-signed certificate made in this way is sufficient for testing, and may be adequate for all your requirements if you are mainly interested in encrypting transfers, and not in secure identification. 
  
-  * However, many clients require that the certificate presented by the server be a user (also called “leaf” or “site”) certificate, and not a self-signed certificate. 
-  * In this situation, the self-signed certificate described above must be installed on the client host as a trusted root certification authority (CA), and the certificate used by Exim must be a user certificate signed with that self-signed certificate. 
- 
-  * For information on creating self-signed CA certificates and using them to sign user certificates, see the General implementation overview chapter of the Open-source PKI book, available online at http://ospkibook.sourceforge.net/. 
- 
-</WRAP> 
  
 ---- ----
Line 124: Line 131:
   -out test.crt \   -out test.crt \
   -subj '/C=PL/ST=example/O=ShareWiz/OU=test/CN=test'   -subj '/C=PL/ST=example/O=ShareWiz/OU=test/CN=test'
 +</code>
 +
 +
 +----
 +
 +===== Set Permissions for the certificate files =====
 +
 +<code bash>
 +chmod 600 file1*
 +chmod 600 file2*
 </code> </code>
  
Line 130: Line 147:
 ===== References ===== ===== References =====
  
-http://ospkibook.sourceforge.net/+https://wiki.debian.org/Self-Signed_Certificate
  
 +http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#aboutcerts
 +
 +http://nginx.org/en/docs/http/configuring_https_servers.html
 +
 +http://ospkibook.sourceforge.net/
ubuntu/certificates/create_a_self-signed_certificate.1686327750.txt.gz · Last modified: 2023/06/09 16:22 by peter
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki