thawte.com), and VeriSign (www.verisign.com).
You also have the option of creating self-signed certificates, although these should be used only for
testing or when a very small number of people will be accessing your server and you do not plan
to have certificates on multiple machines. Directions for generating a self-signed certificate are
included in the following section.
The last option is to run your own certificate authority. This is probably practical only if you have a
small number of expected users and the means to distribute your CA certificate to them (including
assisting them with installing it in their browsers). The process for creating a CA is too elaborate to
cover in this book but is a worthwhile alternative to generating self-signed certificates. You can find
guides on running your own CA at http://sial.org/howto/openssl/ca/.
The following procedure describes how to generate and use SSL keys with the LAMP server (running
on a Debian GNU/Linux system) configured in this chapter. For a general discussion of SSL
keys and procedures specific to Fedora and other Red Hat Linux systems, refer to Chapter 6.
NOTE
666
Running Servers Part V
Generating Your Keys
To begin setting up SSL, use the openssl command, which is part of the OpenSSL package, to
generate your public and private key:
1.
Pages:
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232