此内容没有您所选择的语言版本。

Appendix E. Certificates


E.1. Creating SSL/TLS Certificates

Summary

SSL/TLS certificates provide a layer of security for accessing your installation over HTTPS. This procedure provides instructions for creating certificates and configuring your server with them.

The following procedure requires openssl. To install this tool, run the following command on your server:
#yum install openssl
Copy to Clipboard Toggle word wrap
A Certificate Authority (CA) signs certificates to provide verifification of their validity. Web browsers contain a number of CA certificates for verifying HTTPS communication with secure websites. Some of these CAs require a fee to provide a CA pair for your server, while some are open and provide free CA pairs. This procedure describes how to generate your own Certificate Authority (CA) certificate and key for your own internal network usage.

Procedure E.1. Creating a Certificate Authority

  1. Run the following command:
    #openssl req -new -x509 -keyout ca.key -out ca.crt -days 3650
    Copy to Clipboard Toggle word wrap
    This command requests a new CA pair valid for 3650 days.
  2. Enter a password to protect your CA:
    Generating a 2048 bit RSA private key
    ......................................................................................................................................+++
    ..................................................................................................+++
    writing new private key to 'ca.key'
    Enter PEM pass phrase:
    Verifying - Enter PEM pass phrase:
    Copy to Clipboard Toggle word wrap
  3. Enter the following details about your organization:
    Country Name (2 letter code) [XX]:AU
    State or Province Name (full name) []:Queensland
    Locality Name (eg, city) [Default City]:Brisbane
    Organization Name (eg, company) [Default Company Ltd]:Red Hat
    Organizational Unit Name (eg, section) []:Engineering Content Services
    Common Name (eg, your name or your server's hostname) []:www.example.com
    Email Address []:dmacpher@redhat.com
    Copy to Clipboard Toggle word wrap
    This information forms the Distinguished Name (DN) in your certificate.
Conclusion

You have created a Certificate Authority. openssl creates two files: ca.key, which is a key that administrators use to sign certificates, and ca.crt, which is the public CA certificate that users obtain to verify the validity of signed certificates they receive. Make sure users accessing your server have a copy of ca.crt so that they can import it into their client's trusted CA store.

22632%2C+Console+Developer+Guide-322-09-2014+17%3A11%3A35Report a bug
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat