Creating a self signed certificate


You may need to run a secure web server at some time which will require an SSL certificate. Even if you choose to have a commercial certificate, you will need to generate a CSR file which is part of this process.

In order to create a SSL certificate under Linux you need to issue the following command.

openssl genrsa -des3 -out ssl.key 1024

Make sure to provide a passphrase. Remember it because you will need it several times during the process. If you wish, the passphrase can be removed later in the process.

Next we need to create a CSR or Certificate Signing Request. If you purchase a commercial certificate, this is the file you will need to provide the issuer.

openssl req -new -key ssl.key -out ssl.csr

As the file is created, you will provide answers to questions such as location, company, etc. The tricky question is “Common Name”. This should be the site you wish to provide SSL connections.

If you wish to remove the passphrase to make automated web server restarts more easy, you can use the following commands.

cp ssl.key
  openssl rsa -in -out ssl.key

Now you need to create your self signed certificate with the following command.

openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt

Generally, I try to name my files the name of the domain I am creating the cert for. For example, my ssl.key would be named and so forth. This helps me to better identify what host the certificate and files are associated with.

After completing the creation of your files, you will need to place them in your server’s desired location and configure the web server to find the proper files.