Search Our Database

How to create self signed SSL Certificate in Linux

Last updated on |
by

Introduction

A Self-Signed SSL Certificate is useful when you need to secure communication between your server and clients without involving a third-party Certificate Authority (CA). This can be helpful for testing, internal websites, or private environments. This guide will walk you through creating and installing a self-signed SSL certificate on your server.

 

Prerequisites

  • Root access to the server via SSH
  • OpenSSL is installed on your server

 

Step-by-Step Guide

 

Step 1: Access the Server via SSH

Login to your Server as root user:

ssh root@[your_server_ip]

 

Step 2: Create a Directory for SSL Files

Create a directory to store your SSL key, Certificate Signing Request (CSR), and self-signed certificate.

mkdir /cert
cd /cert

 

Step 3: Generate a 4096-bit Private Key

  • Generate a 4096-bit private key for your server using OpenSSL:
openssl genrsa -des3 -out server.key 4096
  • You will be prompted to create a passphrase to protect your private key.

 

Step 4: Generate a Certificate Signing Request (CSR)

  • Generate the CSR by using the private key you created:
openssl req -new -key server.key -out server.csr
  • During this process, you will need to enter details such as your country, state, organization, and domain.

 

Step 5: Create the Self-Signed Certificate

  • Using the CSR and the private key, generate a self-signed certificate valid for one year (365 days):
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  • This command will output the signed certificate, which can be installed on your web server.

 

Conclusion

You now have a self-signed SSL certificate installed on your server, securing communications between your web server and clients. Keep in mind that self-signed certificates are not trusted by browsers by default, and you may need to bypass security warnings during testing.

 

Article posted on 29 March 2020 by Louis