TCS ServerCert

70 bájt hozzáadva, 2017. szeptember 13., 13:13
Self-signed: 2-pass variant to avoid CA:TRUE
It's not recommended to use CA-signed certificates with your IdPs or SPs. It has no benefits and has some drawbacks (ie. some older versions of mod_ssl refuse to work with expired SP certs).
Instead, you should generate a self-signed certificate with the following command commands (please adjust the subject):
export host=your.host.name
openssl req -new -newkey rsa:2048 -x509 -subj "/C=HU/O=NIIF/OU=AAI/CN=$host" -days 10000 -nodes \ -keyout $host-shibfed.key -out $host-shibfed.csr openssl x509 -in $host-fed.csr -out $host-fed.certcrt -req -signkey $host-fed.key
[[Category: TCS]]]
[[Category: English]]

Navigációs menü