在 Debian/Ubuntu 中,我的deb软件包依赖于ssl-cert软件包,以提供一些自签名的 https 证书,如果没有其他的话。从Debian 页面:
此软件包支持需要创建 SSL 证书的软件包的无人值守安装。
它是 OpenSSL 证书请求实用程序的一个简单包装器,可以为其提供正确的用户变量。
rpm / Fedora 是否有类似的软件包?
答案1
Fedoraopenssl软件包中包含/etc/pki/tls/certs/make-dummy-crt,可用于生成自签名证书。例如:
# cd /etc/pki/tls/certs
# ./make-dummy-cert mydummy.crt
# ls
ca-bundle.crt ca-bundle.trust.crt make-dummy-cert Makefile mydummy.crt
答案2
事实证明,安装该mod_ssl软件包将自动创建一些自签名证书,并带有一个现成的配置文件
/etc/httpd/conf.d/ssl.conf
效果很好,无需手动创建证书。配置如下:
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt