Security Tips and Tricks

How to Create a Self-Signed SSL Certificate

An SSL certificate is ideal for securing an administration interface, a members-only space, an intranet, webmail, etc. It is used to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. When installed on a web server, it activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser.

In this article we’re going to be covering how to create a self-signed SSL certificate. Self-signed SSL certificates add security to a domain for testing purposes, but are not verifiable by a third-party certificate provider. Thus, they can result in web browser warnings.

Create the Self-signed SSL Certificate

Make a directory to store the certificate and the server key. Normally this will be installed on a web server so that’s where my directory structure will focus:

mkdir /etc/httpd/ssl

Generate the SSL certificate with OpenSSL using the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

The above command generates a 2048-bit private key and a corresponding self-signed certificate (the -x509 option makes openssl req write a certificate rather than a CSR) that remains valid for 365 days, and places those files into the new directory. Running it produces the following output, during which you'll need to answer a few questions:

Generating a 2048 bit RSA private key
 ………………………………………………..+++
 ……………..+++
 writing new private key to '/etc/httpd/ssl/apache.key'
 -----
 You are about to be asked to enter information that will be incorporated
 into your certificate request.
 What you are about to enter is what is called a Distinguished Name or a DN.
 There are quite a few fields but you can leave some blank
 For some fields there will be a default value,
 If you enter '.', the field will be left blank.
 -----
 Country Name (2 letter code) [XX]:US
 State or Province Name (full name) []:New York
 Locality Name (eg, city) [Default City]:New York
 Organization Name (eg, company) [Default Company Ltd]:Webair Internet Development Company, Inc
 Organizational Unit Name (eg, section) []:Webair Community 
 Common Name (eg, your name or your server’s hostname) []:community.webairfakedomain.com
 Email Address []:postmaster@webairfakedomain.com
Tip: It is very important that the Common Name be set appropriately. Enter your fully qualified domain name (FQDN) here or, if you don't have an FQDN, then your site's IP address.
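
As an added example (not part of the original article), the script below runs the same openssl command non-interactively with -subj and then checks what it produced: the certificate carries the private key's public half, issuer equals subject, the key file is readable only by its owner, and the validity window is 365 days. The function names, the temporary directory and the "Example Org" subject value are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the article. Function names are illustrative.

# make_cert DIR CN: the article's command, with -subj answering the prompts.
make_cert() {
    dir=$1; cn=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # -nodes writes the key without a passphrase, so create it owner-only.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/C=US/ST=New York/L=New York/O=Example Org/CN=$cn" \
          -keyout "$dir/apache.key" -out "$dir/apache.crt" 2>/dev/null )
}

# cert_matches_key CRT KEY: true if both files carry the same public key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# is_self_signed CRT: true if issuer and subject names are identical.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# key_is_owner_only KEY: true if the mode is exactly rw-------.
key_is_owner_only() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# valid_for_days CRT N: true if CRT will still be valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo in a throwaway directory (the article uses /etc/httpd/ssl).
d=$(mktemp -d)
make_cert "$d" community.webairfakedomain.com
cert_matches_key "$d/apache.crt" "$d/apache.key" && echo "key matches certificate"
is_self_signed "$d/apache.crt" && echo "issuer equals subject"
key_is_owner_only "$d/apache.key" && echo "key is mode 600"
valid_for_days "$d/apache.crt" 364 && echo "valid for at least 364 more days"
rm -rf "$d"
```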
