Procházet zdrojové kódy

Add self-signed SSL cert section to README

Yuval Adam před 11 roky
rodič
revize
70f2a4445f
1 změnil soubory, kde provedl 10 přidání a 0 odebrání
  1. 10
    0
      README.textile

+ 10
- 0
README.textile Zobrazit soubor

@@ -79,6 +79,16 @@ Lastly, test your certificates using the @security@ program on Mac OS X:
79 79
 bc. security verify-cert -L -p ssl -s example.com -c roles/common/files/wildcard_public_cert.crt -c roles/common/files/wildcard_ca.pem
80 80
 ...certificate verification successful.
81 81
 
82
+h4. Self-signed SSL certificate
83
+
84
+Purchasing SSL certs, and wildcard certs specifically, can be a significant financial burden. It is possible to generate a self-signed SSL certificate (i.e. one that isn't signed by a Certificate Authority) that is free of charge by nature. However, since a self-signed cert has no CA chain that can confirm its authenticity, some services might behave erratically when using such a certificate.
85
+
86
+To create a self-signed SSL cert, run the following commands:
87
+
88
+bc. openssl req -nodes -newkey rsa:2048 -keyout roles/common/files/wildcard_private.key -out mycert.csr
89
+openssl x509 -req -days 365 -in mycert.csr -signkey roles/common/files/wildcard_private.key -out roles/common/files/wildcard_public_cert.crt
90
+cp roles/common/files/wildcard_public_cert.crt roles/common/files/wildcard_ca.pem
91
+
82 92
 h3. 2. Get a Tarsnap machine key
83 93
 
84 94
 If you haven't already, "download and install Tarsnap":https://www.tarsnap.com/download.html, or use @brew install tarsnap@ if you use "Homebrew":http://brew.sh.

Loading…
Zrušit
Uložit