CentOS 快速重新建立 self-signed SSL 憑證
httpd 在安裝 mod_ssl 模組後,預設會安裝好 SSL 憑證。
若要自行重新建立新的 self-signed SSL 憑證,可使用下列方式:
建立 localhost.key
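# Run as root. Generates a fresh 2048-bit RSA private key for httpd and
# installs it as /etc/pki/tls/private/localhost.key.
#
# Everything runs in a subshell so the umask change and the helper variables
# do not leak into the interactive root shell.
(
  # A key written through a plain ">" redirect gets whatever the current
  # umask allows (often world-readable). Force owner-only access up front.
  umask 077

  key=/etc/pki/tls/private/localhost.key

  # Write to a temporary file next to the target and rename on success, so a
  # failed run can never leave an empty or truncated key in place.
  tmp=$(mktemp "${key}.XXXXXX") || exit 1

  # No "-rand /proc/...": OpenSSL seeds its generator from the operating
  # system on its own, and several of the /proc entries in the original list
  # may be missing on current kernels (not verified for this host).
  # stderr is left visible on purpose so that a failure is not silent.
  if /usr/bin/openssl genrsa -out "$tmp" 2048; then
    mv -f -- "$tmp" "$key"
  else
    rm -f -- "$tmp"
    echo "openssl genrsa failed; existing key left untouched" >&2
    exit 1
  fi
)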
建立並簽署 localhost.crt
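# Run as root. Issues a new self-signed X.509 certificate (SHA-256, valid for
# 365 days) for the key in /etc/pki/tls/private/localhost.key and writes it
# to /etc/pki/tls/certs/localhost.crt.
FQDN=$(hostname)

# An empty host name would produce an empty Common Name and make
# "openssl req" fail, so fall back to a fixed placeholder name.
if [ -z "${FQDN}" ]; then
  FQDN=localhost.localdomain
fi

# The here-document answers the interactive prompts of "openssl req" in
# order: country, state, city, organization, organizational unit, common
# name, e-mail address. Each answer must be on its own line.
#
# The serial number is taken from OpenSSL's random generator rather than
# $RANDOM (15 bits), so that a reissued certificate is very unlikely to
# reuse the issuer/serial pair of an earlier one.
#
# stderr is not discarded: the prompts are echoed there, but so are real
# errors such as an unreadable key file.
#
# NOTE(review): the v3_req section of the stock openssl.cnf usually adds no
# subjectAltName, and current browsers match host names against SAN only.
# Confirm against the openssl.cnf on this host.
/usr/bin/openssl req -new -key /etc/pki/tls/private/localhost.key \
  -x509 -sha256 -days 365 \
  -set_serial "0x$(/usr/bin/openssl rand -hex 16)" \
  -extensions v3_req \
  -out /etc/pki/tls/certs/localhost.crt <<EOF || echo "openssl req failed; certificate not regenerated" >&2
--
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
${FQDN}
root@${FQDN}
EOF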
重新啟動 httpd
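# Run as root. Check the configuration before restarting, so that a syntax
# error or a missing certificate/key file does not take the running server
# down. The restart happens only when the check passes.
# NOTE(review): configtest is not expected to prove that the key and the
# certificate belong together; confirm that httpd is serving the new
# certificate after the restart.
apachectl configtest && systemctl restart httpd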