Browse Source

Merge pull request #126 from yuvadm/self-signed-ssl

Add self-signed SSL cert section to README
Alex Payne 11 years ago
parent
commit
b4f6ecb516
1 changed files with 10 additions and 0 deletions
  1. 10
    0
      README.textile

+ 10
- 0
README.textile View File

79
 bc. security verify-cert -L -p ssl -s example.com -c roles/common/files/wildcard_public_cert.crt -c roles/common/files/wildcard_ca.pem
79
 bc. security verify-cert -L -p ssl -s example.com -c roles/common/files/wildcard_public_cert.crt -c roles/common/files/wildcard_ca.pem
80
 ...certificate verification successful.
80
 ...certificate verification successful.
81
 
81
 
82
+h4. Self-signed SSL certificate
83
+
84
+Purchasing SSL certs, and wildcard certs specifically, can be a significant financial burden. It is possible to generate a self-signed SSL certificate (i.e. one that isn't signed by a Certificate Authority) that is free of charge by nature. However, since a self-signed cert has no CA chain that can confirm its authenticity, some services might behave erratically when using such a certificate.
85
+
86
+To create a self-signed SSL cert, run the following commands:
87
+
88
+bc. openssl req -nodes -newkey rsa:2048 -keyout roles/common/files/wildcard_private.key -out mycert.csr
89
+openssl x509 -req -days 365 -in mycert.csr -signkey roles/common/files/wildcard_private.key -out roles/common/files/wildcard_public_cert.crt
90
+cp roles/common/files/wildcard_public_cert.crt roles/common/files/wildcard_ca.pem
91
+
82
 h3. 2. Get a Tarsnap machine key
92
 h3. 2. Get a Tarsnap machine key
83
 
93
 
84
 If you haven't already, "download and install Tarsnap":https://www.tarsnap.com/download.html, or use @brew install tarsnap@ if you use "Homebrew":http://brew.sh.
94
 If you haven't already, "download and install Tarsnap":https://www.tarsnap.com/download.html, or use @brew install tarsnap@ if you use "Homebrew":http://brew.sh.

Loading…
Cancel
Save