Installing a Self-Generated Certificate

By now, you should have been able to make a certificate on your own using the SSLeay software.

Generating a Certificate

The easiest way is to generate your site certificate cacert.pem (this one is valid for 10 years):

    # req -config ../lib/ssleay.cnf -x509 -new -days 3650 > cacert.pem

This generates a brand new certificate. If you already have a cacert.pem file (generated with the CA.sh script), you can skip this step.

Converting from PEM to DER

Netscape understands ASN.1/DER formats, not PEM, so we need to convert the certificate to DER.

Do this with:

    # x509 -inform pem -outform der < cacert.pem > cacert.der

Once you have the DER file, you're done with the certificate part.

Getting the Certificate to the Browser

Ideally, you'd just want to upload the file to the browser. This can be done by putting it in any publicly available directory your web server provides access to. (I was not able to figure out how to load a certificate directly.)

The problem is, your web server will deliver this content as a regular file.
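The PEM-to-DER step and the move into a public directory can be combined into one pre-publication check. The following is an added example, not part of the original page or of SSLeay: it strips the PEM armor, decodes the base64 body to DER, and refuses any file that also carries a private key block. The function names and the sample bytes are constructed for illustration; the sample is a tiny DER SEQUENCE, not a real certificate.

```python
import base64
import re

# Matches one PEM block: BEGIN label, base64 body, matching END label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_total_length(der: bytes) -> int:
    """Return the full encoded size of the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_to_publishable_der(pem_text: str) -> bytes:
    """Convert a PEM file to DER, refusing anything unsafe to publish."""
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains a private key; do not publish it")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected exactly one CERTIFICATE block, got {labels}")
    der = base64.b64decode("".join(blocks[0][1].split()), validate=True)
    if der_total_length(der) != len(der):
        raise ValueError("DER length does not match decoded data")
    return der

def to_pem(label: str, der: bytes) -> str:
    """Helper for the constructed samples below: wrap bytes in PEM armor."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

# Constructed sample data: a tiny DER SEQUENCE standing in for a certificate.
SAMPLE_DER = bytes([0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02])
SAMPLE_CERT_PEM = to_pem("CERTIFICATE", SAMPLE_DER)
SAMPLE_WITH_KEY = to_pem("RSA PRIVATE KEY", SAMPLE_DER) + SAMPLE_CERT_PEM

if __name__ == "__main__":
    print(pem_to_publishable_der(SAMPLE_CERT_PEM).hex())
    try:
        pem_to_publishable_der(SAMPLE_WITH_KEY)
    except ValueError as exc:
        print("refused:", exc)
```

The check confirms only the outer DER framing; it does not parse or validate the certificate fields.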

Customizing Apache

The trick is to tell the Apache webserver that you want to deliver this as a certificate.

As root, edit your web server's mime.types file and add the following line:

    application/x-x509-ca-cert cct cert der

This tells your web server that files that end in .cct, .cert, or .der should be delivered as X.509 certificates.

Once you make the change, you'll have to restart your web server.

Try it!

Using your browser, load the file via a URL. (I decided to rename my file cacert.cert.)

Netscape thought for a moment and then recognized a valid certificate and installed it.

Useful Links

Try checking out the SSLeay FAQ.

Phil Wherry has put together a paper on using SSLeay to generate site and client certificates for Microsoft Internet Information Server. [local version of this doc]
