How to create a self signed certificate?

26 Apr 2012 at 00:00:00 - 0 comment(s)

You need a self signed certificate for your website over https, this post is here to take you through the few steps necessary to create your self signed certificate.

First generate a server key

openssl genrsa -des3 -out server.key 4096

Then create a certificate signing request with it

openssl req -new -key server.key -out server.csr

You are prompted for multiple questions, make sure "Common Name (eg, YOUR name)" matches the registered fully qualified domain name of your box. So if your website is you will put that here.

Now sign the certificate signing request. Below the certificate will be valid for 365 days:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Chown the certificate to root and make it readable only by it:

chown root:root server.crt
chmod go-rw server.crt

That's it, you have a self signed certificate.


Notify me of follow up comments