[deployment-guide/comm-rel-14: 626/677] Added information about the serial number. (BZ#440690)

Jaromir Hradilek jhradile at fedoraproject.org
Sun Nov 14 23:54:58 UTC 2010 

commit d750b61d1d47f0d21954c39efae3a614026e2fc9
Author: Jaromir Hradilek <jhradile at redhat.com>
Date:   Fri Oct 22 17:24:31 2010 +0200

    Added information about the serial number. (BZ#440690)

 en-US/The_Apache_HTTP_Server.xml |    9 ++++++++-
 1 files changed, 8 insertions(+), 1 deletions(-)
---
diff --git a/en-US/The_Apache_HTTP_Server.xml b/en-US/The_Apache_HTTP_Server.xml
index 77b8a0e..545eadf 100644
--- a/en-US/The_Apache_HTTP_Server.xml
+++ b/en-US/The_Apache_HTTP_Server.xml
@@ -3919,10 +3919,17 @@ SSLCertificateKeyFile /etc/pki/tls/private/<replaceable>hostname</replaceable>.k
       <para>
         You should be presented with a screen as shown in <xref linkend="figure-apache-mod_ssl-genkey-01" />.
       </para>
+      <important>
+        <title>Important: Replacing an Existing Certificate</title>
+        <para>
+          If the server already has a valid certificate and you are replacing it with a new one, specify a different serial number, so that client browsers are notified of this change, update to this new certificate, and do not fail to access the page. To generate a certificate with a custom serial number, use the following command instead:
+        </para>
+        <screen>~]# <command>openssl req -new -set_serial <replaceable>number</replaceable> -key <replaceable>hostname</replaceable>.key -out <replaceable>hostname</replaceable>.crt</command></screen>
+      </important>
       <note>
         <title>Note: Remove a Previously Created Key</title>
         <para>
-          If there already is a key file for a particular hostname in your system, the utility will refuse to start. In this case, remove the existing file using the following command, and then run the utility again:
+          If there already is a key file for a particular hostname in your system, <application>genkey</application> will refuse to start. In this case, remove the existing file using the following command:
         </para>
         <screen>~]# <command>rm /etc/pki/tls/private/<replaceable>hostname</replaceable>.key</command></screen>
       </note>

More information about the docs-commits mailing list