How to Generate a Self-Signed Certificate in Linux – Guide
This is a guide about how to create self-signed SSL certificates using OpenSSL on Linux. It provides the simple cut-and-paste code you need to generate your first RSA key pair. After creating your first set of keys, you should be sure to create certificates for a variety of situations. RSA keys are used everywhere these days, and knowing how to generate them is an essential skill for the system administrator and an easy process for the hobbyist.
SSL certificates are used by many protocols and services, from HTTPS to VPN. Regardless of the application, simply generating your own self-signed SSL certificates will drastically change the way you use the system.
Create an RSA key pair
Extract the private key to the “httpd” folder
The /etc/httpd folder is where the operating system keeps all the important SSL-related items. First, let’s create a new folder to store all our files related to our private key:
sudo mkdir /etc/httpd/httpscertificate
We call the folder httpscertificate and will reference it by that name in all other command-line examples. You can name the folder whatever you like.
To extract the private key from the key pair file we just created, type the following:
openssl rsa -passin pass:x -in keypair.key -out /etc/httpd/httpscertificate/012.345.678.90.key
Replace 012.345.678.90 with the IP address of your own server. Or, if you can access your website with a domain name, you can use that instead.
This will create a .key file in the folder we just created. When this process is complete, we can delete the original keypair file:
rm keypair.key
Creating a “Certificate Signing Request” (CSR) file
With the key, we can create a special .csr file that we can sign or send to a “Certificate Authority”. It is in a standardized format and can be easily generated with our key from the previous step. To create it, type the following command:
openssl req -new -key /etc/httpd/httpscertificate/012.345.678.90.key -out /etc/httpd/httpscertificate/012.345.678.90.csr
Again, replace 012.345.678.90 with the IP address or domain name you defined in step 2. When executing this command, the tool will ask for some of your personal information, such as your location and organization name.
A CA (short for Certification Authority) can use these details to verify that you really are who you say you are. Try to fill in the fields with as much information as possible.
Once you finish entering these details, the tool will finish its work and place a .csr file in the directory we created just for this purpose.
Creation of the certificate “.crt” file
With the CSR, we can create the final certificate file as follows. Now we will use our .csr and .key files to create our .crt file:
openssl x509 -req -days 365 -in /etc/httpd/httpscertificate/012.345.678.90.csr -signkey /etc/httpd/httpscertificate/012.345.678.90.key -out /etc/httpd/httpscertificate/012.345.678.90.crt
This puts a .crt file in place with all our other files. Now we know how to generate our self-signed SSL certificate.
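The key, CSR and certificate steps above, collected into one script as an added example (not code from the original guide), with checks that the key and certificate belong together, that the certificate is self-signed, and that the key file is readable only by its owner. The openssl genrsa call, the function names and the host name example.test are assumptions made for this example, and it works in a temporary directory rather than /etc/httpd.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): key -> CSR -> self-signed certificate,
# then the checks to run before Apache is pointed at the files.

# make_self_signed HOST DIR: writes DIR/HOST.key, DIR/HOST.csr, DIR/HOST.crt.
# Assumption: key made with "openssl genrsa"; the guide's command is not on the page.
make_self_signed() {
    host=$1; dir=$2
    # umask 077 in a subshell: the private key is created owner-only
    ( umask 077; openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null ) || return 1
    # -subj answers the interactive questions; CN is the name clients connect to
    openssl req -new -key "$dir/$host.key" -subj "/CN=$host" \
        -out "$dir/$host.csr" || return 1
    # same signing step as the guide: the CSR is signed with its own key
    openssl x509 -req -days 365 -in "$dir/$host.csr" -signkey "$dir/$host.key" \
        -out "$dir/$host.crt" 2>/dev/null || return 1
}

# key_matches_cert KEY CRT: true when the certificate carries KEY's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# is_self_signed CRT: true when issuer and subject are the same name.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer) || return 1
    [ "${s#subject=}" = "${i#issuer=}" ]
}

# key_is_private KEY: true when group and others have no access (mode x00).
key_is_private() {
    case "$(stat -c %a "$1")" in ?00) return 0 ;; *) return 1 ;; esac
}

# cert_fingerprint CRT: SHA-256 fingerprint to compare with the browser's view.
cert_fingerprint() {
    f=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
    printf '%s\n' "${f#*=}"
}

# Demo in a scratch directory; example.test is a constructed host name.
work=$(mktemp -d); crt=$work/example.test.crt; key=$work/example.test.key
make_self_signed example.test "$work" && key_matches_cert "$key" "$crt" &&
    is_self_signed "$crt" && key_is_private "$key" &&
    echo "all checks passed: $(cert_fingerprint "$crt")"
rm -rf "$work"
```

The fingerprint printed at the end is the value to compare with the certificate details the browser shows when it raises its warning.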
Configuring Apache to use the files
All we need to do now is show Apache where our generated self-signed certificates are. First, we need to install the mod_ssl package with the command:
sudo yum install mod_ssl
Once this is done, an ssl.conf file will be placed in the /etc/httpd/conf.d/ folder. We need to modify this default file. Use your favorite text editor:
sudo vi /etc/httpd/conf.d/ssl.conf
Now scroll down until you find the lines starting with:
SSLCertificateFile
SSLCertificateKeyFile
Change the default paths to the paths of your certificate file and key file, respectively.
Save your changes. Now just restart Apache with:
sudo apachectl restart
And it’s done! When Apache restarts, it will be configured to allow SSL connections using the generated self-signed SSL certificates.
When you connect to your IP address via HTTPS next time, you will be warned that it is not a trusted certificate.
The warning shows that the server is using the certificate we created. It is not very useful for anyone visiting your site, as it cannot verify your identity. But you know it is your certificate, and the traffic is encrypted. As long as the certificate the browser shows is the one you generated, there is no man in the middle. Now you know how to generate your own self-signed SSL certificates and deploy them to your Apache web server.