Search Our Database
How to create self signed SSL Certificate in Linux
Introduction
A Self-Signed SSL Certificate is useful when you need to secure communication between your server and clients without involving a third-party Certificate Authority (CA). This can be helpful for testing, internal websites, or private environments. This guide will walk you through creating and installing a self-signed SSL certificate on your server.
Prerequisites
- Root access to the server via SSH
- OpenSSL is installed on your server
Step-by-Step Guide
Step 1: Access the Server via SSH
Login to your Server as root user:
ssh root@[your_server_ip]
Step 2: Create a Directory for SSL Files
Create a directory to store your SSL key, Certificate Signing Request (CSR), and self-signed certificate.
mkdir /cert cd /cert
Step 3: Generate a 4096-bit Private Key
- Generate a 4096-bit private key for your server using OpenSSL:
openssl genrsa -des3 -out server.key 4096
- You will be prompted to create a passphrase to protect your private key.
Step 4: Generate a Certificate Signing Request (CSR)
- Generate the CSR by using the private key you created:
openssl req -new -key server.key -out server.csr
- During this process, you will need to enter details such as your country, state, organization, and domain.
Step 5: Create the Self-Signed Certificate
- Using the CSR and the private key, generate a self-signed certificate valid for one year (365 days):
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- This command will output the signed certificate, which can be installed on your web server.
Conclusion
You now have a self-signed SSL certificate installed on your server, securing communications between your web server and clients. Keep in mind that self-signed certificates are not trusted by browsers by default, and you may need to bypass security warnings during testing.
Article posted on 29 March 2020 by Louis