在Debian / Ubuntu中,我的deb软件包依赖于ssl-cert软件包,提供一些自签名的https证书。 从Debian页面 :
该软件包支持需要创buildSSL证书的软件包的无人值守安装。
它是OpenSSL证书请求实用程序的一个简单包装,它用正确的用户variables提供。
有没有类似的软件包用于rpm / Fedora?
事实certificate,安装mod_ssl软件包将自动创build一些自签名证书和一个开箱即用的configuration文件
/etc/httpd/conf.d/ssl.conf
很好的工作,不需要手动创build证书。 configuration看起来像这样:
# Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. A new # certificate can be generated using the genkey(1) command. SSLCertificateFile /etc/pki/tls/certs/localhost.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. Keep in mind that if # you've both a RSA and a DSA private key you can configure # both in parallel (to also allow the use of DSA ciphers, etc.) SSLCertificateKeyFile /etc/pki/tls/private/localhost.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
Fedora openssl软件包包括/etc/pki/tls/certs/make-dummy-crt ,可用于生成自签名证书。 例如:
# cd /etc/pki/tls/certs # ./make-dummy-cert mydummy.crt # ls ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile mydummy.crt