Ubuntu
用於 rpm/fedora 的 ssl-cert 包(自簽名證書)
在 Debian/Ubuntu 中,我的
deb
包依賴於ssl-cert
包,以提供一些自簽名的 https 證書,如果沒有別的。從Debian 頁面:此軟體包支持無人值守安裝需要創建 SSL 證書的軟體包。
它是 OpenSSL 證書請求實用程序的簡單包裝器,為它提供正確的使用者變數。
rpm / Fedora 有類似的軟體包嗎?
事實證明,安裝
mod_ssl
軟體包會自動創建一些自簽名證書,並帶有一個開箱即用的配置文件/etc/httpd/conf.d/ssl.conf
效果很好,無需手動創建證書。配置如下所示:
# Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. A new # certificate can be generated using the genkey(1) command. SSLCertificateFile /etc/pki/tls/certs/localhost.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) SSLCertificateKeyFile /etc/pki/tls/private/localhost.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt