An SSL certificate is ideal for securing an administration interface, a members-only space, an intranet, webmail, etc. It is used to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. When installed on a web server, it activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser.
In this article we’re going to be covering how to create a self-signed SSL certificate. Self-signed SSL certificates add security to a domain for testing purposes, but are not verifiable by a third-party certificate provider. Thus, they can result in web browser warnings.
Create the Self-signed SSL Certificate
Make a directory to store the certificate and the server key. Normally this will be installed on a web server so that’s where my directory structure will focus:
Generate the SSL certificate via OpenSSL with the following command:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
The above command will generate a 2048-bit private key and a corresponding self-signed certificate that remains valid for 365 days, and place those files into the new directory. The command prints the following output and prompts you to answer a few questions:
Generating a 2048 bit RSA private key
....................................................+++
................+++
writing new private key to '/etc/httpd/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) :New York
Locality Name (eg, city) [Default City]:New York
Organization Name (eg, company) [Default Company Ltd]:Webair Internet Development Company, Inc
Organizational Unit Name (eg, section) :Webair Community
Common Name (eg, your name or your server's hostname) :community.webairfakedomain.com
Email Address :email@example.com
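The same command can be scripted and its result checked. The following is an added example, not part of the original article: it passes the Distinguished Name with -subj instead of answering the prompts, restricts the key file's permissions (because -nodes leaves the key unencrypted), and confirms that the certificate matches the key, is self-signed, and expires after 365 days. The function names, the output directory argument and the "Example Org" organization value are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: function names and the output directory are assumptions.

# Generate the key and self-signed certificate without interactive prompts.
# $1 = output directory, $2 = Common Name (the hostname clients will use).
make_selfsigned() {
    dir=$1 cn=$2
    mkdir -p "$dir" || return 1
    (
        # -nodes writes the private key unencrypted, so create the file
        # readable by its owner only.
        umask 077
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -keyout "$dir/apache.key" -out "$dir/apache.crt" \
            -subj "/C=US/ST=New York/L=New York/O=Example Org/CN=$cn" \
            2>/dev/null
    )
}

# True when the certificate and the private key share the same RSA modulus.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus) || return 1
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when issuer equals subject: no third-party CA vouches for the
# certificate, which is why browsers show a warning for it.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer) || return 1
    [ "${s#*=}" = "${i#*=}" ]
}

# True when the certificate is still valid $2 days from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Usage (the directory ./ssl-test is a placeholder):
#   make_selfsigned ./ssl-test community.webairfakedomain.com &&
#   cert_matches_key ./ssl-test/apache.crt ./ssl-test/apache.key
```

Run against a scratch directory first; writing to /etc/httpd/ssl as in the article requires root.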