Difference between revisions of "Genkey"

From Notes_Wiki
m
m
 
Line 1: Line 1:
<yambe:breadcrumb>Security_tools|Security tools</yambe:breadcrumb>
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Security tools]] > [[Genkey|genkey]]
=genkey=


CentOS comes with a self-signed certificate for localhost generated at '<tt>/etc/pki/tls/certs/localhost.crt</tt>' and corresponding private key at '<tt>/etc/pki/tls/private/localhost.key</tt>'.  If the certificate is expired after a period of year then certwatch will generate a SSL certificate warning.  To create new certificates using genkey to resolve the issue use following commands:
CentOS comes with a self-signed certificate for localhost generated at '<tt>/etc/pki/tls/certs/localhost.crt</tt>' and corresponding private key at '<tt>/etc/pki/tls/private/localhost.key</tt>'.  If the certificate is expired after a period of year then certwatch will generate a SSL certificate warning.  To create new certificates using genkey to resolve the issue use following commands:
Line 21: Line 20:




<yambe:breadcrumb>Security_tools|Security tools</yambe:breadcrumb>
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Security tools]] > [[Genkey|genkey]]

Latest revision as of 16:06, 24 March 2022

Home > CentOS > CentOS 6.x > Security tools > genkey

CentOS comes with a self-signed certificate for localhost generated at '/etc/pki/tls/certs/localhost.crt' and corresponding private key at '/etc/pki/tls/private/localhost.key'. If the certificate is expired after a period of year then certwatch will generate a SSL certificate warning. To create new certificates using genkey to resolve the issue use following commands: 

rm -f /etc/pki/tls/private/localhost.key
rm -f /etc/pki/tls/certs/localhost.crt
genkey localhost

For simple hosting choose 1024-bit key length and avoid encrypting private key. There is no need of generating CSR for localhost. Server FQDN would be localhost. Other values for City, Organization, etc. can be filled appropriately, they will not affect the security offerred by certificate in any way.


In rare case if this does not works try: 

openssl req -x509 -nodes -days 9999 -newkey rsa:1024 -keyout localhost.pem -out localhost.pem
cp localhost.pem /etc/pki/tls/certs/localhost.crt



Home > CentOS > CentOS 6.x > Security tools > genkey

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Genkey&oldid=5530"