[deployment-guide/comm-rel-14: 626/677] Added information about the serial number. (BZ#440690)
Jaromir Hradilek
jhradile at fedoraproject.org
Sun Nov 14 23:54:58 UTC 2010
commit d750b61d1d47f0d21954c39efae3a614026e2fc9
Author: Jaromir Hradilek <jhradile at redhat.com>
Date: Fri Oct 22 17:24:31 2010 +0200
Added information about the serial number. (BZ#440690)
en-US/The_Apache_HTTP_Server.xml | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml
index 77b8a0e..545eadf 100644
--- a/en-US/The_Apache_HTTP_Server.xml
+++ b/en-US/The_Apache_HTTP_Server.xml
@@ -3919,10 +3919,17 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k
<para>
You should be presented with a screen as shown in <xref linkend="figure-apache-mod_ssl-genkey-01" />.
</para>
+ <important>
+ <title>Important: Replacing an Existing Certificate</title>
+ <para>
+ If the server already has a valid certificate and you are replacing it with a new one, specify a different serial number, so that client browsers are notified of this change, update to this new certificate, and do not fail to access the page. To generate a certificate with a custom serial number, use the following command instead:
+ </para>
+ <screen>~]# <command>openssl req -new -set_serial <replaceable>number</replaceable> -key <replaceable>hostname</replaceable>.key -out <replaceable>hostname</replaceable>.crt</command></screen>
+ </important>
<note>
<title>Note: Remove a Previously Created Key</title>
<para>
- If there already is a key file for a particular hostname in your system, the utility will refuse to start. In this case, remove the existing file using the following command, and then run the utility again:
+ If there already is a key file for a particular hostname in your system, <application>genkey</application> will refuse to start. In this case, remove the existing file using the following command:
</para>
<screen>~]# <command>rm /etc/pki/tls/private/<replaceable>hostname</replaceable>.key</command></screen>
</note>
More information about the docs-commits
mailing list