New Certicicate Authority Cert generation

a8e5c2dd · Goik Martin · 9a6b5f45 · a8e5c2dd
Commit a8e5c2dd authored 1 year ago by Goik Martin
--- a/Doc/Sdi/Apache/apache.xml
+++ b/Doc/Sdi/Apache/apache.xml
@@ -357,23 +357,29 @@

          <listitem>
            <para><link
-            xlink:href="http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority">Creating
-            Your Own SSL Certificate Authority (and Dumping Self Signed
-            Certs)</link></para>
-          </listitem>
-
-          <listitem>
-            <para>The previously linked recipe may fail for
-            <productname>Google Chrome</productname> being pickier about
-            certificates than <acronym>i.e.</acronym> the <productname>Firefox
-            browser</productname>. Consider the related <link
+            xlink:href="https://dgu2000.medium.com/working-with-self-signed-certificates-in-chrome-walkthrough-edition-a238486e6858">Working
+            With Self-Signed Certificates in Chrome (Walkthrough
+            Edition)</link></para>
+
+            <para>This works for both <productname>Chrome</productname> and
+            <productname>Firefox</productname> and most likely for other
+            browsers as well. It describes the creation of a wildcard
+            certificate being valid for a subdomain like e.g.
+            <code>g4.sdi.mi.hdm-stuttgart.de</code>. The Base64 certificate
+            conversion is not being required since Apache 2.4 will happily
+            accept both generated <filename>tls.crt</filename> and
+            <filename>tls.key</filename> files.</para>
+
+            <para>For a better understanding of the underlying concepts
+            consider the related <link
            xlink:href="https://stackoverflow.com/questions/30977264/subject-alternative-name-not-present-in-certificate#answer-47779814">stackoverflow.com
            article</link> for providing a <quote>Subject Alternative
            Name</quote> extension when creating your certificate signing
-            request. The subsequent certificate creation may require a
-            <code>keyUsage = nonRepudiation, digitalSignature,
-            keyEncipherment</code> configuration as being proposed by <link
-            xlink:href="https://superuser.com/questions/1451895/err-ssl-key-usage-incompatible-solution#answer-1466427">superuser.com</link>.</para>
+            request. Certificate creation requires the following <link
+            xlink:href="https://superuser.com/questions/1451895/err-ssl-key-usage-incompatible-solution#answer-1466427">superuser.com</link>
+            proposal:</para>
+
+            <screen>keyUsage = nonRepudiation, digitalSignature, keyEncipherment</screen>
          </listitem>
        </itemizedlist>
      </tip>