2014-08-06 18:51 keltezéssel, Rasca Gmelch írta:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
just a short note:
Am 06.08.2014 um 17:57 schrieb Igor Vitorac:
[..]
In order to generate SSL certificates, you can follow the steps
here: http://wiki.centos.org/HowTos/Https
you can do it in *one* step and even without
interacting with the UI of openssl - it means
you can use it e.g. in puppet scripts:
openssl req -x509 -nodes -days 3650 \
-newkey rsa:2048 -keyout server.key \
-out server.crt -subj '/CN=www.mydomain.org'
This will generate a 10 year selfsigend key
pair for the hostname "www.mydomain.org".
Or use "*.mydomain.org" for a wild card self
signed cert.
Just an other short note:
Jou can request (and get) a *non* self-signed vertificate without
payment from StartSSL.
Properties:
Class I certificate (known and trusted by all browsers and mobile devices).
One year (yes it will be expired in the next year).
Better than any self-signed certificate, because the most users won't
check the certificate properties, just accept it, yes, if it is a fake
one, then they accept it too.
Do not use self-signed certificates in production environment if it
available from public/untrusted network area.
--
Szládovics, Péter
Onlinedemo.HU <http://www.onlinedemo.hu>
Any sufficiently advanced technology is indistinguishable from magic.
/Arthur C. Clarke/
--
users@sogo.nu
https://inverse.ca/sogo/lists
