Red Hat NETWORK PROXY SERVER 3.7 - Uživatelský manuál stáhnout pdf (Strana 61)

3.4 Creating Your Key and Certiﬁcate Request 51

Please Note:If you don’t want to have to type in a password every time

you start your web server, you will need to use the long command as

shown above without the -des3 option:

/usr/sbin/ssleay genrsa -rand /dev/urandom 1024 > httpsd.key

Ifyou usethe immediatelypreviouscommand tocreateyour key, you will

not need to use a password to start your secureweb server. Please realize,

however, that disabling the password feature for your secure web server

is a security risk. We DO NOT recommend that you disable the password

featurefor your secure web server.

The httpsd.key ﬁle should be owned by the root user on your system

andshould not be accessible to any otheruser. Makea backupcopy of this

ﬁle and keep the backup copy in a safe, secure place (a good idea would

be to copy this ﬁle to a ﬂoppy and then keep the ﬂoppy someplace se-

cure). You needthebackup copybecauseifyou ever lose thehttpsd.key

ﬁle after using it to create your certiﬁcate request, your certiﬁcate will no

longer work and the CA will not be able to help you. Your only option

would be to request a new digital certiﬁcate and pay for it all over again.

3.4.2 Generating a Certiﬁcate Request

Once you’ve createda key, the next step is to generate a certiﬁcate request

which you will need to send to the CA of your choice. Type in the follow-

ing command:

make certreq

If you don’t have make installed on your system, you may use the follow-

ing longer and less user-friendly command instead of make certreq:

ssleay req -new -key httpsd.key > httpsd.csr

1 2 ... 56 57 58 59 60 61 62 63 64 65 66 ... 100 101

Žádné komentáře

Red Hat NETWORK PROXY SERVER 3.7 - Uživatelský manuál Strana 61