Website Blog

On November 16, 2004, I created the first blog to post some news and comments among my classmates and me. Now, I want to share some small viewpoints with all the people around the world.

How to Make a Self-Signed SSL Certificate

Installing OpenSSL

Issue the following commands as root (or with sudo) to install the required packages for OpenSSL, the open source SSL toolkit, and to create a directory for the certificate files.

Debian/Ubuntu users:

$ apt-get update
$ apt-get upgrade
$ apt-get install openssl
$ mkdir /etc/ssl/localcerts

CentOS/Fedora users:

$ yum install openssl
$ mkdir /etc/ssl/localcerts

Creating a Self-Signed Certificate

As an example, we'll create a certificate that might be used to secure a personal website that's hosted with Apache. Issue the following commands:

$ openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key
$ chmod 600 /etc/ssl/localcerts/apache*

You will be asked for several configuration values. Enter values appropriate for your organization and server, as shown here. This example will create a certificate valid for 365 days; you may wish to increase this value. We've specified the FQDN (fully qualified domain name) of the VPS for the "Common Name" entry, as this certificate will be used for generic SSL service. The -nodes flag instructs OpenSSL to write the private key without passphrase encryption, which is why the chmod 600 above matters: file permissions are the only protection the key has. If this option is omitted, you will be required to enter a passphrase on the console to unlock the private key each time the server application using it is restarted (most frequently, this will happen when you reboot your Debian Server).

Once the certificate is generated, you'll need to configure your server software properly to reference the certificate file.
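The steps above as a non-interactive script, with the checks worth running before pointing Apache at the files. This is an added example, not part of the original post: -subj and -newkey rsa:2048 are added to the post's command, host.example.com is a placeholder FQDN, and the files go to a temporary directory instead of /etc/ssl/localcerts.

```shell
#!/bin/sh
# Added example (not from the original post). host.example.com and the
# temporary directory are constructed values; the post uses /etc/ssl/localcerts.

# make_selfsigned DIR FQDN: same openssl req flags as the post, plus -subj
# (answers the prompts) and -newkey (explicit key size).
make_selfsigned() {
    dir=$1
    fqdn=$2
    (
        umask 077   # key file is created owner-only, before any chmod runs
        openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
            -subj "/CN=$fqdn" \
            -out "$dir/apache.pem" -keyout "$dir/apache.key" 2>/dev/null
    ) && chmod 600 "$dir/apache.pem" "$dir/apache.key"
}

# key_matches_cert CERT KEY: success only if both hold the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1") || return 2
    key_pub=$(openssl pkey -pubout -in "$2") || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# valid_for_days CERT DAYS: success if CERT is still valid DAYS from now.
valid_for_days() {
    openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null
}

# owner_only FILE: success if the mode is exactly rw------- (600).
owner_only() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Generate in a throwaway directory, print subject and dates, run all checks.
selfsigned_demo() {
    tmp=$(mktemp -d) || return 1
    make_selfsigned "$tmp" host.example.com &&
        openssl x509 -noout -subject -dates -in "$tmp/apache.pem" &&
        key_matches_cert "$tmp/apache.pem" "$tmp/apache.key" &&
        valid_for_days "$tmp/apache.pem" 30 &&
        owner_only "$tmp/apache.key"
    rc=$?
    rm -rf "$tmp"
    return $rc
}

selfsigned_demo
```

A failing key_matches_cert is the usual cause of the web server refusing to start after a certificate is regenerated without its key, or the reverse.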
