Implement a Self-signed SSL Certificate in Linux with OpenSSL

Hi guys, today I will share with you how we can create a Self-signed SSL Cert in Linux using a terminal. I am using with RHEL 7 but it should be working with other Linux Operation Systems like CentOS and Ubuntu etc.

First, we will create a new folder and set the folder permission to generate the key and certificate file with the following commands.

Create a new folder
mkdir -p /etc/ssl/certs/<yourdomainname>

Set folder permission
chmod -R 700 /etc/ssl/certs/<yourdomainname>

Second, we will enter to that new folder and generate the key and csr files with openssl commands.

Create new key file
openssl genrsa -des3 -out <yourdomainname>.key 2048

Then, we need to key in the new passphrase and verify again.

Enter pass phrase for .key: xxxxx
Verifying - Enter pass phrase for .key: xxxxx


After that, we have to generate the csr file. CSR stands for (Certificate Signing Request) before you generate the final certificate file.

Create new csr file
openssl req -new -days 1024 -key <yourdomainname>.key -out <yourdomainname>.csr

Moreover, you have to fill in the below information and password to complete the generation.

Country Name (2 letter code) [XX]:SG
State or Province Name (full name) []:.
Locality Name (eg, city) [Default City]:Singapore
Organization Name (eg, company) [Default Company Ltd]:Nay Zaw Lin
Organizational Unit Name (eg, section) []:IT Section
Common Name (eg, your name or your server’s hostname) []:
Email Address []:.
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:.

Finally, we are good to go with the last certificate file generation.

Create new crt file
openssl x509 -in <yourdomainname>.csr -out <yourdomainname>.crt -req -signkey <yourdomainname>.key -days 1024

That’s it. I hope this will help. πŸ™‚
Happy CNY πŸ™‚
Photo: http://www.pngall.com

Leave a Reply

Your email address will not be published. Required fields are marked *