Index: openacs-4/packages/acs-core-docs/www/install-ssl.adp =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-core-docs/www/install-ssl.adp,v diff -u -r1.1.2.1 -r1.1.2.2 --- openacs-4/packages/acs-core-docs/www/install-ssl.adp 23 Sep 2015 11:54:39 -0000 1.1.2.1 +++ openacs-4/packages/acs-core-docs/www/install-ssl.adp 23 Jun 2016 08:32:45 -0000 1.1.2.2 @@ -38,8 +38,8 @@ approved CA will work smoothly. Any other certificate will cause browsers to produce some messages or block the site. Unfortunately, getting a site certificate signed by a CA costs money. In this -section, we'll generate an unsigned certificate which will work in -most browsers, albeit with pop-up messages.

Use an OpenSSL perl script to generate a certificate and +section, we'll generate an unsigned certificate which will work +in most browsers, albeit with pop-up messages.

Use an OpenSSL perl script to generate a certificate and key.

Debian users: use /usr/lib/ssl/misc/CA.pl instead of /usr/share/ssl/CA

Mac OS X users: use perl /System/Library/OpenSSL/misc/CA.pl -newcert instead of /usr/share/ssl/CA

@@ -58,13 +58,12 @@
 

newreq.pem contains our certificate and private key. The key is protected by a passphrase, -which means that we'll have to enter the pass phrase each time the -server starts. This is impractical and unnecessary, so we create an -unprotected version of the key. Security -implication: if anyone gets access to the file -keyfile.pem, they effectively own the key as much as you do. -Mitigation: don't use this key/cert combo for anything besides -providing ssl for the web site.

+which means that we'll have to enter the pass phrase each time
+the server starts. This is impractical and unnecessary, so we
+create an unprotected version of the key. Security implication: if anyone gets
+access to the file keyfile.pem, they effectively own the key as
+much as you do. Mitigation: don't use this key/cert combo for
+anything besides providing ssl for the web site.

 [root misc]# openssl rsa -in newreq.pem -out keyfile.pem
 read RSA key
 Enter PEM pass phrase: