1 260
szerkesztés
Módosítások
→Apache config: + Self-signed certs
SSLCertificateKeyFile /path/to/your/pki/hostname.you.provided.first.key
SSLCertificateChainFile /path/to/your/pki/hostname.you.provided.first-chain.crt
== Self-signed ==
It's not recommended to use CA-signed certificates with your IdPs or SPs. It has no benefits and has some drawbacks (ie. some older versions of mod_ssl refuse to work with expired SP certs).
Instead, you should generate a self-signed certificate with the following command (please adjust the subject):
export host=your.host.name
openssl req -new -newkey rsa:2048 -x509 -subj "/C=HU/O=NIIF/OU=AAI/CN=$host" -days 10000 -nodes \
-keyout $host-shib.key -out $host-shib.cert
