ClaudioVarandas · May 4, 2017 09:26
diff --git a/create_selfsigned_fedora.sh b/create_selfsigned_fedora.sh
 #Issue the following command to generate your self-signed certificate. 
 #Change example.com to reflect the fully qualified domain name (FQDN) of the site you intend to use with SSL:

 #1
 openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/pki/tls/certs/example.com.crt -keyout /etc/pki/tls/private/example.com.key
 #This command creates a .crt file under the /etc/pki/tls/certs directory, and a .key file under /etc/pki/tls/private using these options:

 #-nodes instructs OpenSSL to create a certificate that does not require a passphrase. If this option is excluded, you will be required to enter the the passphrase in the console each time the application using it is restarted.
 #-days determines the length of time in days that the certificate is being issued for. For a self-signed certificate, this value can be increased as necessary.
 #-sha256 ensures that the certificate request is generated using 265-bit SHA (Secure Hash Algorithm).
 #-x509 tells OpenSSL to create a self-signed certificate.
 #You will be prompted to add identifying information for your website or organization. After the command completes, you will have a new .crt certificate file under /etc/pki/tls/certs, and a private .key file under /etc/pki/tls/private. You can issue these commands to ensure that both the certificate and the key are properly secured:

 chmod 400 /etc/pki/tls/certs/example.com.crt
 chmod 400 /etc/pki/tls/private/example.com.key
	#Issue the following command to generate your self-signed certificate.
	#Change example.com to reflect the fully qualified domain name (FQDN) of the site you intend to use with SSL:

	#1
	openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/pki/tls/certs/example.com.crt -keyout /etc/pki/tls/private/example.com.key
	#This command creates a .crt file under the /etc/pki/tls/certs directory, and a .key file under /etc/pki/tls/private using these options:

	#-nodes instructs OpenSSL to create a certificate that does not require a passphrase. If this option is excluded, you will be required to enter the the passphrase in the console each time the application using it is restarted.
	#-days determines the length of time in days that the certificate is being issued for. For a self-signed certificate, this value can be increased as necessary.
	#-sha256 ensures that the certificate request is generated using 265-bit SHA (Secure Hash Algorithm).
	#-x509 tells OpenSSL to create a self-signed certificate.
	#You will be prompted to add identifying information for your website or organization. After the command completes, you will have a new .crt certificate file under /etc/pki/tls/certs, and a private .key file under /etc/pki/tls/private. You can issue these commands to ensure that both the certificate and the key are properly secured:

	chmod 400 /etc/pki/tls/certs/example.com.crt
	chmod 400 /etc/pki/tls/private/example.com.key