Implement a Self-signed SSL Certificate in Linux with OpenSSL
Hi guys, today I will share with you how we can create a Self-signed SSL Cert in Linux using a terminal. I am using with RHEL 7 but it should be working with other Linux Operation Systems like CentOS and Ubuntu etc.
First, we will create a new folder and set the folder permission to generate the key and certificate file with the following commands.
Create a new foldermkdir -p /etc/ssl/certs/<yourdomainname>
Set folder permissionchmod -R 700 /etc/ssl/certs/<yourdomainname>
Second, we will enter to that new folder and generate the key and csr files with openssl commands.
Create new key fileopenssl genrsa -des3 -out <yourdomainname>.key 2048
Then, we need to key in the new passphrase and verify again.
Enter pass phrase for .key: xxxxx
Verifying - Enter pass phrase for .key: xxxxx
After that, we have to generate the csr file. CSR stands for (Certificate Signing Request) before you generate the final certificate file.
Create new csr fileopenssl req -new -days 1024 -key <yourdomainname>.key -out <yourdomainname>.csr
Moreover, you have to fill in the below information and password to complete the generation.
Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:.
Locality Name (eg, city) [Default City]:Singapore
Organization Name (eg, company) [Default Company Ltd]:Nay Zaw Lin
Organizational Unit Name (eg, section) []:IT Section
Common Name (eg, your name or your server’s hostname) []:
Email Address []:.
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:.
Finally, we are good to go with the last certificate file generation.
Create new crt fileopenssl x509 -in <yourdomainname>.csr -out <yourdomainname>.crt -req -signkey <yourdomainname>.key -days 1024
That’s it. I hope this will help. π
Happy CNY π
Photo: http://www.pngall.com