@PSJoshi
Created September 13, 2022 12:25
Generate self signed certificate

Self-signed certificates are convenient when developing locally. Of course, these should not be used in production environments. If you are running a public site, it's recommended to use a commercial certificate recognized by browsers. "Let's Encrypt" has revolutionized the certificate ecosystem, and you can easily deploy its certificates on public-facing websites.

For experimentation and testing, self-signed certificates are the easiest approach. The steps to create a self-signed certificate are given below:

  • Install openssl
# apt-get install openssl
  • Generate a private RSA key. You can generate your private key with or without a passphrase to protect it. You only need to choose one of these options. This will generate a 2048-bit RSA private key.
# Generate 2048 bit RSA private key (no passphrase)

# openssl genrsa -out private_key.pem 2048

# To add a passphrase when generating the private key
# include a cipher flag like -aes256 

# openssl genrsa -aes256 -out private_key.pem 2048
  • Generate a certificate signing request (CSR) with the key. Using the private key generated in the previous step, we need to create a certificate signing request.
# Generate certificate signing request (CSR)

# openssl req -new -key private_key.pem -out sign_req.csr
  • Sign the certificate signing request with the key. The last step in the process is to sign the request using a private key. In this example we are signing the certificate request with the same key that was used to create it. That's why it earns the name "self-signed".
# Sign the certificate signing request

# openssl x509 -req -days 365 -in sign_req.csr -signkey private_key.pem -out certificate.pem
  • View certificate details
# Review a certificate
# openssl x509 -text -noout -in certificate.pem
  • Generate key and certificate in one go
# openssl req -newkey rsa:2048 -nodes -keyout private_key.pem -x509 -days 36500 -out certificate.pem
  • Remove passphrase from private key
# If a private key has a passphrase, remove it.
# Will be prompted to enter the passphrase

# openssl rsa -in server.key -out server-nopassphrase.key
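
A non-interactive version of the one-step command above, followed by the checks worth running on the result: the key matches the certificate, issuer equals subject and the signature verifies, and a subjectAltName is present. This is an added example, not part of the original gist; the function names, the `localhost` name, the subjectAltName extension and the 365-day default are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the gist). Assumed: CN/SAN "localhost", 365 days,
# OpenSSL 1.1.1+ for -addext. File names follow the gist.

# make_selfsigned DIR [CN] [DAYS]
# Writes DIR/private_key.pem and DIR/certificate.pem without prompting.
make_selfsigned() {
    dir=$1; cn=${2:-localhost}; days=${3:-365}
    (
        umask 077   # the unencrypted key must not be readable by other users
        openssl req -x509 -newkey rsa:2048 -nodes \
            -keyout "$dir/private_key.pem" -out "$dir/certificate.pem" \
            -days "$days" -subj "/CN=$cn" \
            -addext "subjectAltName=DNS:$cn" 2>/dev/null
    )
}

# key_matches_cert KEY CERT
# True if the certificate carries the public half of this private key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# is_self_signed CERT
# True if subject equals issuer and the signature verifies with its own key.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# has_san CERT NAME
# True if NAME appears among the DNS subjectAltName entries (substring match).
has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}
```

Browsers match the host name against subjectAltName rather than the CN, which is why the SAN check is included even for a local test certificate.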