|
@@ -79,6 +79,16 @@ Lastly, test your certificates using the @security@ program on Mac OS X:
|
79
|
79
|
bc. security verify-cert -L -p ssl -s example.com -c roles/common/files/wildcard_public_cert.crt -c roles/common/files/wildcard_ca.pem
|
80
|
80
|
...certificate verification successful.
|
81
|
81
|
|
|
82
|
+h4. Self-signed SSL certificate
|
|
83
|
+
|
|
84
|
+Purchasing SSL certs, and wildcard certs specifically, can be a significant financial burden. It is possible to generate a self-signed SSL certificate (i.e. one that isn't signed by a Certificate Authority) that is free of charge by nature. However, since a self-signed cert has no CA chain that can confirm its authenticity, some services might behave erratically when using such a certificate.
|
|
85
|
+
|
|
86
|
+To create a self-signed SSL cert, run the following commands:
|
|
87
|
+
|
|
88
|
+bc. openssl req -nodes -newkey rsa:2048 -keyout roles/common/files/wildcard_private.key -out mycert.csr
|
|
89
|
+openssl x509 -req -days 365 -in mycert.csr -signkey roles/common/files/wildcard_private.key -out roles/common/files/wildcard_public_cert.crt
|
|
90
|
+cp roles/common/files/wildcard_public_cert.crt roles/common/files/wildcard_ca.pem
|
|
91
|
+
|
82
|
92
|
h3. 2. Get a Tarsnap machine key
|
83
|
93
|
|
84
|
94
|
If you haven't already, "download and install Tarsnap":https://www.tarsnap.com/download.html, or use @brew install tarsnap@ if you use "Homebrew":http://brew.sh.
|
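Review bot: The `openssl req` line in the new "Self-signed SSL certificate" section prompts interactively for the subject, but the text never says what to enter for Common Name, so the generated certificate may not match the host name checked by the `security verify-cert ... -s example.com` step just above. Suggest stating that the Common Name must be the wildcard domain being served, or passing it explicitly with `-subj`. The same line uses `-nodes`, which writes `roles/common/files/wildcard_private.key` unencrypted. A sentence on keeping that file out of version control and restricting its permissions would help. "Some services might behave erratically" is vague. Say instead that clients will warn about or refuse the connection because the certificate is not trusted, and explain that the final `cp` to `wildcard_ca.pem` makes the certificate act as its own CA file. Lastly, `mycert.csr` is left behind in the working directory and `-days 365` means the certificate expires after one year, so consider adding a cleanup step and a note about renewal.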