Changes

TCS ServerCert

26 bytes added, 13 September 2017, 13:13
Self-signed: 2-pass variant to avoid CA:TRUE
== Usage ==
With this script, you can generate a certificate request that you can submit manually to the Terena TCS service. It's possible to include multiple SubjectAltNames in the request, such as <code>aai.niif.hu</code> and <code>www.aai.niif.hu</code>.
{{NOTE_EN|Never share the private key (thus the certificate) between virtual hosts.}}
This script creates the following files in your current working directory:
It's not recommended to use CA-signed certificates with your IdPs or SPs. Doing so has no benefits and has some drawbacks (e.g. some older versions of mod_ssl refuse to work with expired SP certs).
Instead, you should generate a self-signed certificate with the following commands (please adjust the subject):
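 export host=your.host.name
 # Pass 1: create the private key and a certificate signing request (no -x509 here)
 openssl req -new -newkey rsa:2048 -subj "/C=HU/O=NIIF/OU=AAI/CN=$host" -nodes \
   -keyout "$host-fed.key" -out "$host-fed.csr"
 # Pass 2: self-sign the request with the same key; -days sets the certificate validity
 openssl x509 -in "$host-fed.csr" -out "$host-fed.crt" -req -signkey "$host-fed.key" -days 10000

[[Category: TCS]][[Category: English]]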
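To confirm that the two-pass method gives the result the edit summary aims for, the following added example (not part of the wiki page) generates a certificate in a scratch directory and verifies that it carries no CA:TRUE, is self-signed, matches its key and has a long validity. The function names and the host name <code>sp.example.org</code> are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page; function names are hypothetical.

# Two-pass generation as described on the page: CSR first, then self-sign it.
make_two_pass() {  # usage: make_two_pass DIR HOST
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=HU/O=NIIF/OU=AAI/CN=$2" \
        -keyout "$1/$2-fed.key" -out "$1/$2-fed.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/$2-fed.csr" -signkey "$1/$2-fed.key" \
        -days 10000 -out "$1/$2-fed.crt" 2>/dev/null
}

# Succeeds only if the certificate asserts basicConstraints CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Prints one line per failed check and returns non-zero if any check failed.
check_fed_cert() {  # usage: check_fed_cert CERT KEY
    rc=0
    if is_ca "$1"; then echo "FAIL: CA:TRUE present"; rc=1; fi
    # Self-signed: subject and issuer names hash to the same value.
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] ||
        { echo "FAIL: not self-signed"; rc=1; }
    # The certificate must carry the public half of this private key.
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: key does not match"; rc=1; }
    # Catches a forgotten -days (openssl defaults to 30): require > 1 year left.
    openssl x509 -in "$1" -noout -checkend 31536000 >/dev/null ||
        { echo "FAIL: expires within a year"; rc=1; }
    return $rc
}

# Demo in a scratch directory with a constructed host name.
demo() {
    d=$(mktemp -d) || return 1
    make_two_pass "$d" sp.example.org &&
        check_fed_cert "$d/sp.example.org-fed.crt" "$d/sp.example.org-fed.key"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo && echo "two-pass certificate passed all checks"
```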
