пакет ssl-cert (самоподписанные сертификаты) для rpm / fedora

Оказывается, установка mod_ssl пакет автоматически создаст несколько самозаверяющих сертификатов с готовым файлом конфигурации

/etc/httpd/conf.d/ssl.conf

Отлично работает, не нужно создавать сертификаты вручную. Конфигурация выглядит так:

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

Fedora openssl Пакет включает в себя /etc/pki/tls/certs/make-dummy-crt, который можно использовать для создания самоподписанных сертификатов. Например:

# cd /etc/pki/tls/certs
# ./make-dummy-cert mydummy.crt
# ls
ca-bundle.crt  ca-bundle.trust.crt  make-dummy-cert  Makefile  mydummy.crt