Creating a self-signed cert

If you need to serve your website over SSL, but only for personal purposes such as webmail, you've probably come across the problem of creating your own server certificate.

Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers.

To create a self-signed cert, follow these steps:

1.   Via a terminal window, run these commands in sequence:

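# Generate a 2048-bit RSA private key (1024-bit RSA is no longer considered secure)
openssl genrsa -out server.key 2048
# Create a certificate signing request; you will be prompted for the subject fields
openssl req -new -key server.key -out server.csr
# Write a passphrase-free copy of the key to sign with
openssl rsa -in server.key -out signingkey.key
# Self-sign the request; the certificate is valid for 3650 days
openssl x509 -in server.csr -out selfsigned_digicert.crt -req -signkey signingkey.key -days 3650
# Restrict the keys and the certificate to their owner
chmod 600 server.key signingkey.key
chmod 600 selfsigned_digicert.crt
# Install them where the default Apache SSL configuration on Fedora looks for them
mkdir -p /etc/pki/tls/private
mkdir -p /etc/pki/tls/certs
cp server.key /etc/pki/tls/private/localhost.key
cp selfsigned_digicert.crt /etc/pki/tls/certs/localhost.crt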

2.   Restart HTTP (I run FC6), like so:

service httpd restart

That's it! You can now serve your website via SSL. Don't forget to open up your firewall to accept HTTPS connections (TCP port 443).
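A check worth running on the generated files before copying them into /etc/pki/tls, as an added example that is not part of the original post. The function name check_cert_pair and its default thresholds are assumptions, and the key is assumed to be an unencrypted RSA key like the one produced above.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a key/certificate pair before installing it.
# Usage: check_cert_pair <key> <cert> [min_rsa_bits] [min_days_left]
check_cert_pair() {
    local key="$1" crt="$2" min_bits="${3:-2048}" min_days="${4:-30}"
    local key_pub crt_pub bits subject issuer rc=0

    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key"; return 2; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read certificate $crt"; return 2; }

    # 1. The certificate must contain the public half of this private key.
    if [ "$key_pub" = "$crt_pub" ]; then
        echo "OK: private key matches certificate"
    else
        echo "FAIL: private key does not match certificate"; rc=1
    fi

    # 2. RSA modulus size, parsed from the "Public-Key: (N bit)" line.
    bits=$(openssl x509 -in "$crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -ge "$min_bits" ]; then
        echo "OK: ${bits}-bit key"
    else
        echo "FAIL: ${bits:-unknown}-bit key, want >= $min_bits"; rc=1
    fi

    # 3. Self-signed means issuer and subject names are identical
    #    (name comparison only; the signature is not re-verified here).
    subject=$(openssl x509 -in "$crt" -noout -subject); subject=${subject#subject=}
    issuer=$(openssl x509 -in "$crt" -noout -issuer);   issuer=${issuer#issuer=}
    if [ "$subject" = "$issuer" ]; then
        echo "OK: self-signed ($subject)"
    else
        echo "FAIL: issuer differs from subject"; rc=1
    fi

    # 4. Must stay valid for at least min_days more days.
    if openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "OK: valid for at least $min_days more days"
    else
        echo "FAIL: expires within $min_days days"; rc=1
    fi

    # 5. Group/other permission bits on the key file should all be clear.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        echo "WARN: $key is accessible to group/other; chmod 600 it"
    return $rc
}
```

For the files from step 1, call it as `check_cert_pair server.key selfsigned_digicert.crt`; a non-zero return means at least one check failed.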
