-
Language:
English
-
Language:
English
10.3.2. Creating a Properly Signed Certificate
Although the certificate created in the previous section matches the applications it is used for, it is not properly signed by a trusted authority. You can prevent warning messages from the browser about this by requesting a wildcard certificate signed by a Certificate Authority (CA). The CA must be authoritative for the browsers used by the application users.
Create a certificate signing request (CSR) by using the following command:
#openssl req -new \-key /etc/pki/tls/private/localhost.key \-out /etc/pki/tls/certs/localhost.csr
Enter the appropriate values as prompted to suit your installation. This creates a CSR in the
/etc/pki/tls/certs/localhost.csr file.
You must then have your certificate authority sign the request. If all application users are internal to your organization, it may be possible to use an internal CA; otherwise, an external trusted authority must be used. The authority should supply a properly signed certificate, which you can place in the
/etc/pki/tls/certs/localhost.crt file.
Next, restart the
httpd service:
# restart service httpd
