Security Tips and Tricks

How to Create a Self-Signed SSL Certificate

An SSL certificate is ideal for securing an administration interface, a members-only space, an intranet, webmail, etc. It is used to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. When installed on a web server, it activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser.

In this article we’re going to be covering how to create a self-signed SSL certificate. Self-signed SSL certificates add security to a domain for testing purposes, but are not verifiable by a third-party certificate provider. Thus, they can result in web browser warnings.

Create the Self-signed SSL Certificate

Make a directory to store the certificate and the server key. Normally this will be installed on a web server so that’s where my directory structure will focus:

mkdir /etc/httpd/ssl

Generate the SSL certificate via OpenSSL with the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

The above command will generate a 2048-bit private key and a corresponding self-signed certificate that remains valid for 365 days, and place those files into the new directory. The command produces the following output and prompts you to answer a few questions:

Generating a 2048 bit RSA private key
........................................................+++
.................+++
writing new private key to '/etc/httpd/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:New York
Locality Name (eg, city) [Default City]:New York
Organization Name (eg, company) [Default Company Ltd]:Webair Internet Development Company, Inc
Organizational Unit Name (eg, section) []:Webair Community
Common Name (eg, your name or your server's hostname) []:community.webairfakedomain.com
Email Address []:postmaster@webairfakedomain.com
Tip: It is very important that the Common Name be set appropriately. Enter your fully qualified domain name (FQDN) here or, if you don't have an FQDN, then your site's IP address.
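As an added example (not part of the original article): a non-interactive form of the command above that also places the hostname in subjectAltName, which current browsers match against instead of the Common Name, followed by checks that the key and certificate belong together. The function names and the directory argument are illustrative, and -addext assumes OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names and the DIR
# argument are illustrative; -addext assumes OpenSSL 1.1.1 or newer.

# make_selfsigned DIR FQDN: non-interactive form of the article's command.
make_selfsigned() {
    local dir=$1 fqdn=$2
    (
        umask 077   # new directory and key are owner-only
        mkdir -p "$dir" || exit 1
        # -nodes leaves the key unencrypted, so file mode is its only protection.
        # -subj answers the DN prompts; subjectAltName carries the hostname that
        # current browsers match against. Progress dots on stderr are dropped.
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -keyout "$dir/apache.key" -out "$dir/apache.crt" \
            -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" 2>/dev/null
    )
}

# check_selfsigned DIR FQDN: prints failed checks, returns how many failed.
check_selfsigned() {
    local key=$1/apache.key crt=$1/apache.crt fqdn=$2 fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # The certificate must contain the public half of this private key.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] || fail "key/cert mismatch"
    # Self-signed means issuer and subject are the same name.
    [ "$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject=//')" = \
      "$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer=//')" ] \
        || fail "issuer differs from subject"
    # The hostname must appear as a DNS subjectAltName.
    openssl x509 -in "$crt" -noout -text | grep -qF "DNS:$fqdn" \
        || fail "no subjectAltName for $fqdn"
    # Still valid in 364 days, expired in 366: consistent with -days 365.
    openssl x509 -in "$crt" -noout -checkend $((364 * 86400)) >/dev/null \
        || fail "expires in under 364 days"
    openssl x509 -in "$crt" -noout -checkend $((366 * 86400)) >/dev/null \
        && fail "valid longer than 366 days"
    # No group/other access to the unencrypted key.
    [ "$(ls -l "$key" | cut -c1-10)" = "-rw-------" ] || fail "key mode too open"
    return "$fails"
}
```

Run `make_selfsigned /etc/httpd/ssl community.webairfakedomain.com` followed by `check_selfsigned` with the same arguments; a zero exit status means every check passed.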
