How to create a self-signed SSL Certificate (with an example for Apache)

A self-signed SSL Certificate is a good way to make sure your data is secure when you don't actually need a trusted signed certificate.
Here is a tutorial teaching how to create a self-signed SSL Certificate in four steps.

First generate your RSA Private Key:

openssl genrsa -des3 -out server.key 1024

Then generate a Certificate Signing Request (CSR):

openssl req -new -key server.key -out server.csr
At this stage you will be asked to fill in some information about your organization. Be sure you filled in the correct domain name.

After that remove the passphraze from the Key:

cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key

Finally to generate a Self-Signed Certificate run:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Such certificate is temporary, it works for 365 days.

Example of using a self-signed SSL Certificate in Apache

Create necessary directories in case they don't exist:

mkdir /etc/httpd/ssl.crt
mkdir /etc/httpd/ssl.key

And copy certificate files to apache config directory:

cp server.crt /etc/httpd/ssl.crt
cp server.key /etc/httpd/ssl.key

Configure apache for using certificates:

SSLEngine on
SSLCertificateFile /etc/httpd/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/ssl.key/server.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

Restart Apache

/etc/init.d/httpd restart

Got a comment?

captcha =


  1. System (20)
    1. FreeBSD (5)
    2. Linux (9)
  2. Email (2)
  3. DNS (2)
  4. Databases (1)
  5. WebServer (27)
Copyright © 2012-2015 HowToUnix - *nix Howtos and Tutorials
All Rights Reserved.