You can do that in one command:

sudo openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX

You can add -nodes if you don't want to protect your private key with a passphrase.

Self-signed certs are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a CA.

Generally, these are the steps to generate a self signed certificate

1- Generate a a private key

sudo openssl genrsa -out example.key 2048

2- Request a Certificate signing request

sudo openssl req -new -key example.key -out example.csr

3- Generate the certificate signed with our generated key

sudo openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.key

Once the certificate is generated, the server configuration should be updated to include the new certificate. Next, we check if it works

curl -I -k https://ipaddress

-k skips the check of ssl authenticity

Leave a comment