From a8e5c2ddba88370a188308846d8d1d518da8b183 Mon Sep 17 00:00:00 2001
From: Martin Goik <goik@hdm-stuttgart.de>
Date: Wed, 28 Jun 2023 14:02:44 +0200
Subject: [PATCH] New Certificate Authority Cert generation

---
 Doc/Sdi/Apache/apache.xml | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/Doc/Sdi/Apache/apache.xml b/Doc/Sdi/Apache/apache.xml
index 9af2a2504..2fbec9d03 100644
--- a/Doc/Sdi/Apache/apache.xml
+++ b/Doc/Sdi/Apache/apache.xml
@@ -357,23 +357,29 @@
 
           <listitem>
             <para><link
-            xlink:href="http://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority">Creating
-            Your Own SSL Certificate Authority (and Dumping Self Signed
-            Certs)</link></para>
-          </listitem>
-
-          <listitem>
-            <para>The previously linked recipe may fail for
-            <productname>Google Chrome</productname> being pickier about
-            certificates than <acronym>i.e.</acronym> the <productname>Firefox
-            browser</productname>. Consider the related <link
+            xlink:href="https://dgu2000.medium.com/working-with-self-signed-certificates-in-chrome-walkthrough-edition-a238486e6858">Working
+            With Self-Signed Certificates in Chrome (Walkthrough
+            Edition)</link></para>
+
+            <para>This works for both <productname>Chrome</productname> and
+            <productname>Firefox</productname> and most likely for other
+            browsers as well. It describes the creation of a wildcard
+            certificate being valid for a subdomain like e.g.
+            <code>g4.sdi.mi.hdm-stuttgart.de</code>. The Base64 certificate
+            conversion is not being required since Apache 2.4 will happily
+            accept both generated <filename>tls.crt</filename> and
+            <filename>tls.key</filename> files.</para>
+
+            <para>For a better understanding of the underlying concepts
+            consider the related <link
             xlink:href="https://stackoverflow.com/questions/30977264/subject-alternative-name-not-present-in-certificate#answer-47779814">stackoverflow.com
             article</link> for providing a <quote>Subject Alternative
             Name</quote> extension when creating your certificate signing
-            request. The subsequent certificate creation may require a
-            <code>keyUsage = nonRepudiation, digitalSignature,
-            keyEncipherment</code> configuration as being proposed by <link
-            xlink:href="https://superuser.com/questions/1451895/err-ssl-key-usage-incompatible-solution#answer-1466427">superuser.com</link>.</para>
+            request. Certificate creation requires the following <link
+            xlink:href="https://superuser.com/questions/1451895/err-ssl-key-usage-incompatible-solution#answer-1466427">superuser.com</link>
+            proposal:</para>
+
+            <screen>keyUsage = nonRepudiation, digitalSignature, keyEncipherment</screen>
           </listitem>
         </itemizedlist>
       </tip>
-- 
GitLab