openssl rsa -in newreq.pem -out wwwkeyunsecure.pem |
Edit /etc/httpd/conf/ssl/ssl.default-vhost.conf.
---- # Server Certificate: # Point SSLCertificateFile at a PEM encoded certificate. If # the certificate is encrypted, then you will be prompted for a # pass phrase. Note that a kill -HUP will prompt again. A test # certificate can be generated with `make certificate' under # built time. #SSLCertificateFile conf/ssl/ca.crt SSLCertificateFile wwwcert.crt # Server Private Key: # If the key is not combined with the certificate, use this # directive to point at the key file. #SSLCertificateKeyFile conf/ssl/ca.key.unsecure SSLCertificateKeyFile wwwkeyunsecure.pem ---- |
Read the paragraph on “Using a certificate with POPS”, for more information.
CA.pl -sign |
openssl x509 -in newcert.pem -out newcertx509.pem |
Using a text editor is also suitable to delete everything outside the -CERTIFICATE- section.
The newcertx509.pem file now contains only the -CERTIFICATE- section.