How to create a self-signed SSL Certificate (with an example for Apache)
A self-signed SSL Certificate is a good way to make sure your data is secure when you don't actually need a trusted signed certificate. Here is a tutorial teaching how to create a self-signed SSL Certificate in four steps.
First generate your RSA Private Key:
openssl genrsa -des3 -out server.key 1024
Then generate a Certificate Signing Request (CSR):
openssl req -new -key server.key -out server.csrAt this stage you will be asked to fill in some information about your organization. Be sure you filled in the correct domain name.
After that remove the passphraze from the Key:
cp server.key server.key.orig openssl rsa -in server.key.orig -out server.key
Finally to generate a Self-Signed Certificate run:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Such certificate is temporary, it works for 365 days.
Example of using a self-signed SSL Certificate in Apache
Create necessary directories in case they don't exist:
mkdir /etc/httpd/ssl.crt mkdir /etc/httpd/ssl.key
And copy certificate files to apache config directory:
cp server.crt /etc/httpd/ssl.crt cp server.key /etc/httpd/ssl.key
Configure apache for using certificates:
SSLEngine on
SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Restart Apache
/etc/init.d/httpd restart
See also:
Got a comment?