Making a self-signed TLS certificate: Difference between revisions

m Added changes for TLS, added new link location
m Updated certificates to private keys
Line 9: Line 9:
* You will be making a self-signed certificate. This will make all browsers through up an error. This is OK and can usually be avoided in the future by using an exception.
* You will be making a self-signed certificate. This will make all browsers through up an error. This is OK and can usually be avoided in the future by using an exception.
* To make it easier, it is suggested to make all the certificates in a dedicated folder somewhere that you have easy access to, for example in your home folder. This will avoid permission problems.
* To make it easier, it is suggested to make all the certificates in a dedicated folder somewhere that you have easy access to, for example in your home folder. This will avoid permission problems.
* If your making a certificate without a password, the resulting certificate must be kept in a safe place. If this certificate is '''EVER''' disclosed, any data can be decrypted from the server and you must revoke the certificate. The newest versions of Apache only allow www and root users to read the key folder by default.
* If your making a certificate with a private key without a password, the resulting certificate must be kept in a safe place. If this private key is '''EVER''' disclosed, any data can be decrypted from the server and you must revoke the certificate. The newest versions of Apache only allow www and root users to read the key folder by default. If the private key is believed to be compromised, you should immediately revoked affected certificates and generate new certificates with a new private key.
* Many of the fields when making a certificate authority or server certificate are dated. The ones marked '''(OPTIONAL)''' don't have to be filled in.
* Many of the fields when making a certificate authority or server certificate are dated. The ones marked '''(OPTIONAL)''' don't have to be filled in.
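Review bot: In the rewritten third bullet, the first sentence still ends with "the resulting certificate must be kept in a safe place", which works against the edit's stated goal ("Updated certificates to private keys"). The certificate is public; it is the passwordless private key that has to be protected, so suggest "the resulting private key must be kept in a safe place". The sentence appended at the end repeats the instruction already given by "you must revoke the certificate" and has a tense error: "immediately revoked affected certificates" should read "immediately revoke the affected certificates". Consider merging the two revocation statements into one. While touching this line, "If your making" should be "If you're making", and in the unchanged first bullet "through up an error" should be "throw up an error".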