Show Table of Contents
10.3.2. Creating a Properly Signed Certificate
Although the certificate created in the previous section matches the applications it is used for, it is not properly signed by a trusted authority. You can prevent warning messages from the browser about this by requesting a wildcard certificate signed by a Certificate Authority (CA). The CA must be authoritative for the browsers used by the application users.
Create a certificate signing request (CSR) by using the following command:
#openssl req -new \-key /etc/pki/tls/private/localhost.key \-out /etc/pki/tls/certs/localhost.csr
Enter the appropriate values as prompted to suit your installation. This creates a CSR in the
/etc/pki/tls/certs/localhost.csr file.
You must then have your certificate authority sign the request. If all application users are internal to your organization, it may be possible to use an internal CA; otherwise, an external trusted authority must be used. The authority should supply a properly signed certificate, which you can place in the
/etc/pki/tls/certs/localhost.crt file.
Next, restart the
httpd service:
# restart service httpd
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.