-
Language:
English
-
Language:
English
Red Hat Training
A Red Hat training course is available for Red Hat Gluster Storage
E.2. Creating an SSL Certificate
The following procedure creates an SSL certificate and signs it with the CA key. SSL/TLS certificates provide a layer of security for accessing your installation over HTTPS. This procedure provides instructions for creating certificates and configuring the server with them.
openssl
. To install this tool, run the following command on your server:
#
yum install openssl
Procedure E.2. Creating an SSL Certificate
- Create a key for your server:
#
openssl genrsa -out ssl.keyThis creates anssl.key
file. - Use the key to create a signing request for your certificate:
#
openssl req -new -key ssl.key -out ssl.csrThe signing request asks for some organization details to form the Distinguished Name (DN) in your certificate.Country Name (2 letter code) [XX]:IN State or Province Name (full name) []:Karnataka Locality Name (eg, city) [Default City]:Bangalore Organization Name (eg, company) [Default Company Ltd]:Red Hat Organizational Unit Name (eg, section) []:Engineering Content Services Common Name (eg, your name or your server's hostname) []:www.example.com Email Address []:psriniva@redhat.com
This creates anssl.csr
signing request file. - Create the signed SSL certificate:
Create the signed SSL certificate:
openssl
asks for your CA key's password.This creates a certificate file namedssl.crt
.
Important
Using configuration from /etc/pki/tls/openssl.cnf Enter pass phrase for ca.key: /etc/pki/CA/index.txt: No such file or directory unable to open '/etc/pki/CA/index.txt' 139883256969032:error:02001002:system library:fopen:No such file or directory:bss_file.c:355:fopen('/etc/pki/CA/index.txt','r') 139883256969032:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:357:
Procedure E.3. Resolving this error
- Create the index.txt file.
#
touch /etc/pki/CA/index.txt - Create a serial file to label the CA and all subsequent certificates.
#
echo '1000' > /etc/pki/CA/serial
#
openssl ca -cert ca.crt -keyfile ca.key -out ssl.crt -infiles ssl.csr
ssl.crt
and ssl.key
form the certificate pair that your server uses to encrypt data via HTTPS.
You have created an SSL certificate and signed it with the CA key. openssl
creates two files: ca.key
, which is a key that administrators use to sign certificates, and ca.crt
, which is the public CA certificate that users obtain to verify the validity of signed certificates they receive. Make sure users accessing your server have a copy of the ca.crt
so that they can import it into their client's trusted CA store.