Security Tips and Tricks

How to Create a Self-Signed SSL Certificate

An SSL certificate is ideal for securing an administration interface, a members-only space, an intranet, webmail, etc. It is used to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. When installed on a web server, it activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser.

In this article we’re going to be covering how to create a self-signed SSL certificate. Self-signed SSL certificates add security to a domain for testing purposes, but are not verifiable by a third-party certificate provider. Thus, they can result in web browser warnings.

Create the Self-signed SSL Certificate

Make a directory to store the certificate and the server key. Normally this will be installed on a web server so that’s where my directory structure will focus:

mkdir /etc/httpd/ssl

Generate the SSL certificate via OpenSSL with the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

The above command will generate a 2048-bit private key and a corresponding self-signed certificate that remains valid for 365 days, and place those files into the new directory. Running the command produces the following output and prompts you to answer a few questions:

Generating a 2048 bit RSA private key
 writing new private key to '/etc/httpd/ssl/apache.key'
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 Country Name (2 letter code) [XX]:US
 State or Province Name (full name) []:New York
 Locality Name (eg, city) [Default City]:New York
 Organization Name (eg, company) [Default Company Ltd]:Webair Internet Development Company, Inc
 Organizational Unit Name (eg, section) []:Webair Community 
 Common Name (eg, your name or your server's hostname) []
 Email Address []
Tip: It is very important that the Common Name be set appropriately. Enter your fully qualified domain name (FQDN) here or, if you don't have an FQDN, then your site's IP address.
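
A non-interactive variant of the procedure above, added here as an example and not part of the original article: it passes the Common Name with -subj, also sets a subjectAltName (current browsers match the hostname against that field rather than the Common Name; -addext needs OpenSSL 1.1.1 or later), keeps the key readable by its owner only, and checks the result. The function names, the temporary directory and the hostname www.example.test are assumptions.

```shell
#!/bin/sh
# make_selfsigned DIR FQDN: write DIR/apache.key and DIR/apache.crt without prompts.
make_selfsigned() {
    dir=$1; fqdn=$2
    # umask 077 in a subshell: the directory and key are never group/world readable.
    ( umask 077
      mkdir -p "$dir" &&
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -keyout "$dir/apache.key" -out "$dir/apache.crt" \
          -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" ) || return 1
    chmod 600 "$dir/apache.key"
}

# key_matches_cert DIR: exit 0 if apache.key is the key certified by apache.crt.
# Compares a digest of the public key taken from each file.
key_matches_cert() {
    a=$(openssl x509 -in "$1/apache.crt" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$1/apache.key" -pubout | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_covers_host DIR NAME: exit 0 if the certificate is valid for NAME.
cert_covers_host() {
    openssl x509 -in "$1/apache.crt" -noout -checkhost "$2" | grep -q 'does match'
}

# cert_not_expiring DIR SECONDS: exit 0 if the certificate is still valid
# SECONDS from now (useful in a cron job before the 365 days run out).
cert_not_expiring() {
    openssl x509 -in "$1/apache.crt" -noout -checkend "$2" >/dev/null
}

# Demo in a throwaway directory (constructed hostname); the article's
# real target directory is /etc/httpd/ssl and needs root.
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir/ssl" www.example.test
key_matches_cert "$demo_dir/ssl" && echo "key and certificate match"
cert_covers_host "$demo_dir/ssl" www.example.test && echo "hostname covered"
cert_not_expiring "$demo_dir/ssl" 86400 && echo "valid for at least one more day"
```

If the Common Name is an IP address, as the tip allows, write the subjectAltName entry as IP:<address> instead of DNS:<name>.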
