Ubuntu

用於 rpm/fedora 的 ssl-cert 包(自簽名證書)

  • January 30, 2013

在 Debian/Ubuntu 中,我的deb包依賴於ssl-cert包,以提供一些自簽名的 https 證書,如果沒有別的。從Debian 頁面

此軟體包支持無人值守安裝需要創建 SSL 證書的軟體包。

它是 OpenSSL 證書請求實用程序的簡單包裝器,為它提供正確的使用者變數。

rpm / Fedora 有類似的軟體包嗎?

事實證明,安裝mod_ssl軟體包會自動創建一些自簽名證書,並帶有一個開箱即用的配置文件

/etc/httpd/conf.d/ssl.conf

效果很好,無需手動創建證書。配置如下所示:

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

引用自:https://serverfault.com/questions/471922