Project

General

Profile

Self signed certificate for authentication

To create a self signed certificate for authenticating with the server, use a command like

$ openssl req -x509 -newkey rsa:2048 -keyout ftskey.pem -out ftscert.pem -days 365 -nodes -subj "/O=Fermilab/OU=REX/CN=sam\/nova\/online\/fts" 

Then add the certificate to the /home/sam/httpd/LocalCACertificates.pem file on samweb.fnal.gov and do a graceful restart of Apache. Any time the certificate is regenerated, the server must also be updated. If this is inconvenient, use a Grid service certificate instead; as long as it is issued by a trusted authority it will be accepted.