NixUser

NixUser.com | Unix User | Linux User | NixUser

How to create a Self-Signed SSL Certificate

April 3, 2015, NixUSer, 0

I will explain here how to create a self-signed ssl certificate for testing purposes. I am skipping the usual explanation of the technique, since you already know it.

Generate Private Key

The first step is to create the RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

$ openssl genrsa -des3 -out domain.key 1024

Generating RSA private key, 1024 bit long modulus
…………………………………………………++++++
……..++++++
e is 69834 (0x10001)
Enter PEM pass phrase:
Verifying password – Enter PEM pass phrase:

Generate Certificate Signing Request or commonly known as CSR

$ openssl req -new -key domain.key -out domain.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [XX]:NU
State or Province Name (full name) []:ON
Locality Name (eg, city) [Default City]:NY
Organization Name (eg, company) [Default Company Ltd]:NixUSer.com
Organizational Unit Name (eg, section) []:Online
Common Name (eg, your name or your server’s hostname) []:NixUSer.com
Email Address []:admin@NixUSer.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:xxxx
An optional company name []:NU

Remove Passphrase from Key

If the passphrase is not removed, you have to type in the passphrase every time the apache web server is restarted.

$ cp domain.key domain.key.original

$ openssl rsa -in domain.key.original -out domain.key

The newly created domain.key file will not have passphrase in it.

Generate Self-Signed Certificate

To generate a self-signed certificate valid for 500 days, use the command below.

openssl x509 -req -days 500 -in domain.csr -signkey domain.key -out domain.crt
Signature ok
subject=/C=NU/ST=ON/L=NY/O=NixUSer.com/OU=Online/CN=NixUSer.com/emailAddress=admin@NixUSer.com
Getting Private key

Now you can install the self-signed ssl certificate and test.

General, Unix

, , ,