Self signed certificate for authentication¶
To create a self signed certificate for authenticating with the server, use a command like
$ openssl req -x509 -newkey rsa:2048 -keyout ftskey.pem -out ftscert.pem -days 365 -nodes -subj "/O=Fermilab/OU=REX/CN=sam\/nova\/online\/fts"
Then add the certificate to the
/home/sam/httpd/LocalCACertificates.pem file on
samweb.fnal.gov and do a graceful restart of Apache. Any time the certificate is regenerated, the server must also be updated. If this is inconvenient, use a Grid service certificate instead; as long as it is issued by a trusted authority it will be accepted.