Introduction
This section is for reference only.
- If the inference service uses HTTPS, you need to use the CA to issue server and client certificates. You are advised to apply for CA certificates from a professional CA. X509v3 certificates are recommended for authentication. If you choose to create a self-signed certificate, do not perform the following procedure for generating and signing the certificate on the production server to improve security.
- For security purpose, the key length of the RSA algorithms must be at least 2048 bits. 4096-bit keys are recommended. Ensure that the -aes256 command is used to encrypt the key. In addition, MD5, SHA1, and RSA1024 are not recommended for encryption because they have security risks.
- Set the certificate validity period properly. It is recommended that the validity period be less than or equal to 36 months.
- If an empty password is entered when you create a self-signed certificate, the generated private key is in plaintext, which poses security risks. It is recommended that the password meet certain complexity requirements.
- Password complexity suggestions:
- Contains at least eight characters.
- Contains at least two types of the following characters:
- Lowercase letters
- Uppercase letters
- Digits
- Special characters
Parent topic: Self-signed Certificate Creation Methods