このコンテンツは選択した言語では利用できません。

8.9.2. Creating an SSL Certificate


Because the Management Console is accessed with a web browser, developers are likely to receive security warnings if the default SSL certificate is left in place. This is because the certificate is self-assigned, and may not match the URL. These warnings are avoided if the certificate is signed by a proper authority and reflects the correct URL for the site.
Both the broker application and the Management Console application are reached with the host's httpd proxy, which is what presents the secure server's certificate. The default key is /etc/pki/tls/private/localhost.key, and the default certificate is /etc/pki/tls/certs/localhost.crt. These files are created automatically when mod_ssl is installed. You can recreate the key and the certificate files with suitable parameters using the openssl command, as shown in the following example.
# openssl req -new \
	-newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key \
	-x509 -days 3650 \
	-out /etc/pki/tls/certs/localhost.crt
Copy to Clipboard Toggle word wrap
The openssl command prompts for information to be entered in the certificate. The most important field is Common Name, which is the host name that developers use to browse the Management Console; for example, broker.example.com. This way the certificate created now correctly matches the URL for the Management Console in the browser, although it is still self-signed.
Obtain a properly signed certificate by generating a signing request with the following commands:
# openssl req -new \
	-key /etc/pki/tls/private/localhost.key \
	-out /etc/pki/tls/certs/localhost.csr
Copy to Clipboard Toggle word wrap
The openssl command prompts for information to be entered in the certificate, including Common Name. The localhost.csr signing request file must then be processed by an appropriate certificate authority to generate a signed certificate for use with the secure server.
When you have replaced the key and the certificate, restart the httpd service to enable them for use:
# service httpd restart
Copy to Clipboard Toggle word wrap
トップに戻る
Red Hat logoGithubredditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。 最新の更新を見る.

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

Theme

© 2025 Red Hat