How to create a self-signed SSL Certificate

How to create a self-signed SSL Certificate which can be used for testing purposes or internal usage

Step 1: Generate a Private Key and CSR

aws@AWSadminz:~$ mkdir ~ssl
aws@AWSadminz:~$ cd ~ssl
aws@AWSadminz:~$ openssl req -new -newkey rsa:2048 -nodes -out www_domain_com.csr -keyout www_domain_com.key -subj "/C=IN/ST=India/L=Kerala/O=AWSadminz/OU=IT/CN=www.domain.com"

Optional : To add Multiple SAN names, Use multipe CN values.

aws@AWSadminz:~$ openssl req -new -newkey rsa:2048 -nodes -out www_domain_com.csr -keyout www_domain_com.key -subj "/C=IN/ST=India/L=Kerala/O=AWSadminz/OU=IT/CN=www.domain.com/CN=online.domain.com"

Where Above Fields Refers,

Country Name (2 letter code) [GB]:**IN**  
 State or Province Name (full name) [Berkshire]:**India**  
 Locality Name (eg, city) [Newbury]:**Kerala**  
 Organization Name (eg, company) [My Company Ltd]: **AWSadminz**  
 Organizational Unit Name (eg, section) []:**IT**  
 Common Name (eg, your name or your server’s hostname) []:**www.domain.com**  
 Please enter the following ‘extra’ attributes  
 to be sent with your certificate request  
 A challenge password []:  
 An optional company name []:  
-rw-rw-r-- 1 aws aws 1041 2012-10-27 03:32 www_domain_com.csr
-rw-rw-r-- 1 aws aws 1704 2012-10-27 03:32 www_domain_com.key 

Step 2: Generating a Self-Signed Certificate

At this point you will need to generate a self-signed certificate because you either don’t plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted. To generate a temporary certificate which is good for 365 days, issue the following command:

aws@AWSadminz:~ssl$ openssl x509 -req -days 365 -in www_domain_com.csr -signkey www_domain_com.key -out www_domain_com.crt
Signature ok
subject=/C=IN/ST=India/L=Kerala/O=AWSadminz/OU=IT/CN=www.domain.com

Getting Private key
Now you have al the 3 files. ie, Certificate Key and CSR.

aws@AWSadminz: ~ssl$ ls
total 404
drwxrwxr-x 2 aws aws 4096 2012-10-27 03:29 ./
drwxrwxrwt 27 root root 393216 2012-10-27 03:33 ../
-rw-rw-r-- 1 aws aws 1273 2012-10-27 03:32 www_domain_com.crt
-rw-rw-r-- 1 aws aws 1041 2012-10-27 03:32 www_domain_com.csr
-rw-rw-r-- 1 aws aws 1704 2012-10-27 03:32 www_domain_com.key

Step 3: Installing the Private Key and Certificate

When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled. We need only CRT and KEY file on the apache Server.

mkdir /etc/httpd/ssl
cp www_domain_com.crt /etc/httpd/ssl/www_domain_com.crt
cp www_domain_com.key /etc/httpd/ssl/www_domain_com.key

Step 4: Configuring SSL Enabled Virtual Hosts

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/www_domain_com.crt
SSLCertificateKeyFile /etc/httpd/ssl/www_domain_com.key

Step 5: Restart Apache and Test

/etc/init.d/httpd stop
/etc/init.d/httpd stop

And verify the ssl using the URL https://www.domain.com   Any Isuses, Please comment ![:)]

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Scroll to Top