Friday, May 21, 2010

Creating a self-signed certificate

On development and test systems, you are usually using a self-signed certificate. Why the SSL server's key needs any certificate at all, and cannot simply use its key pair, is beyond my imagination, but be that as it may: It wouldn't be a problem if there were a really simple way to create a self-signed certificate. What is the problem with writing a simple program that asks me a few questions like "fully qualified host name of the SSL server", or "organization name" and in reply creates a private key and a self-certified public key? My personal guess is that openssl's command line interface is so darned complex that it's hard to dare to make it simple...

But obviously, I am not the only one asking for such a solution. There is help: Red Hat Linux, Fedora, or CentOS are shipped with a really simple tool called "genkey". See

http://www.linuxtopia.org/online_books/centos5/centos5_administration_guide/centos5_s1-httpd-secure-server.html

Thanks, guys!
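The kind of helper asked for above, sketched as a thin wrapper around `openssl req -x509`. This is an added example, not code from the original post and not the `genkey` tool; the function names `make_selfsigned` and `check_pair`, the output file naming and the RSA-2048 / 365-day defaults are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original post. make_selfsigned and
# check_pair are hypothetical names; needs OpenSSL 1.1.1+ for -addext.

# usage: make_selfsigned FQDN ORG [OUTDIR] [DAYS]
# The body runs in a subshell "( ... )" so umask and variables stay local.
make_selfsigned() (
    fqdn="$1"; org="$2"; outdir="${3:-.}"; days="${4:-365}"

    # Accept only a plain DNS name: the value is pasted into -subj and
    # -addext, where '/', ',' or ':' would add fields of their own.
    case "$fqdn" in
        ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]) echo "invalid host name" >&2; exit 2 ;;
    esac
    # '/' separates name components in -subj; '+' and '\' are special too.
    case "$org" in
        ''|*/*|*+*|*\\*) echo "invalid organization name" >&2; exit 2 ;;
    esac

    umask 077    # the private key must never be group- or world-readable
    # -nodes leaves the key unencrypted so the server can start unattended;
    # the file mode is then its only protection.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
        -subj "/O=$org/CN=$fqdn" \
        -addext "subjectAltName=DNS:$fqdn" \
        -keyout "$outdir/$fqdn.key" -out "$outdir/$fqdn.crt" 2>/dev/null || exit 1
    chmod 644 "$outdir/$fqdn.crt"    # the certificate itself is public
)

# usage: check_pair CRT KEY HOST
# Succeeds only if the certificate carries the public half of KEY and
# OpenSSL's host name check accepts HOST for it.
check_pair() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ] || return 1
    openssl x509 -in "$1" -noout -checkhost "$3" | grep -q 'does match'
}
```

Called as `make_selfsigned dev.example.test "Example Dev" /tmp/certs` (constructed sample values), it writes `dev.example.test.key` and `dev.example.test.crt` into the given directory. The subjectAltName entry matters because current TLS clients match the host name against it rather than against the CN.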
