12/03/2015 By emehany
You can do that in one command:
sudo openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX
You can add -nodes
if you don't want to protect your private key with a passphrase.
Self-signed certs are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a CA.
Generally, these are the steps to generate a self signed certificate
1- Generate a a private key
sudo openssl genrsa -out example.key 2048
2- Request a Certificate signing request
sudo openssl req -new -key example.key -out example.csr
3- Generate the certificate signed with our generated key
sudo openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.key
Once the certificate is generated, the server configuration should be updated to include the new certificate. Next, we check if it works
curl -I -k https://ipaddress
-k skips the check of ssl authenticity
Login to Comment