Genkey

From Notes_Wiki
Revision as of 01:53, 12 August 2014 by Saurabh (talk | contribs) (Created page with "<yambe:breadcrumb>Security_tools|Security tools</yambe:breadcrumb> =genkey= CentOS comes with a self-signed certificate for localhost generated at '<tt>/etc/pki/tls/certs/loc...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

<yambe:breadcrumb>Security_tools|Security tools</yambe:breadcrumb>

genkey

CentOS comes with a self-signed certificate for localhost generated at '/etc/pki/tls/certs/localhost.crt' and corresponding private key at '/etc/pki/tls/private/localhost.key'. If the certificate is expired after a period of year then certwatch will generate a SSL certificate warning. To create new certificates using genkey to resolve the issue use following commands:

rm -f /etc/pki/tls/private/localhost.key
rm -f /etc/pki/tls/certs/localhost.crt
genkey localhost

For simple hosting choose 1024-bit key length and avoid encrypting private key. There is no need of generating CSR for localhost. Server FQDN would be localhost. Other values for City, Organization, etc. can be filled appropriately, they will not affect the security offerred by certificate in any way.