@taoyuan
Last active January 2, 2025 20:54
Generation of a Self Signed Certificate

Generation of a self-signed SSL certificate involves a simple 3-step procedure:

STEP 1: Create the server private key

openssl genrsa -out cert.key 2048

STEP 2: Create the certificate signing request (CSR)

openssl req -new -key cert.key -out cert.csr

STEP 3: Sign the certificate using the private key and CSR

openssl x509 -req -days 3650 -in cert.csr -signkey cert.key -out cert.crt

Congratulations! You now have a self-signed SSL certificate valid for 10 years.

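Alternatively, generate the private key and the self-signed certificate in a single non-interactive command (here with a 4096-bit key and a validity of 365 days):

openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/C=GB/ST=London/L=London/O=Global Security/OU=R&D Department/CN=example.com" \
-keyout cert.key -out cert.crt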
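
The checks below are an added example, not part of the gist: they repeat the one-step command with a subjectAltName (current TLS clients match host names against the SAN rather than the CN) and an owner-only key file, then verify the result. It assumes OpenSSL 1.1.1 or later for -addext; the function names and the host name passed in are illustrative.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumes OpenSSL 1.1.1+ (for -addext).
# Function names and the host name passed in are illustrative.

# make_selfsigned DIR HOST DAYS: one-step key + certificate with a SAN entry.
make_selfsigned() {
    dir=$1; host=$2; days=$3
    (
        umask 077   # -nodes writes the key unencrypted; keep it owner-only
        openssl req -new -newkey rsa:2048 -nodes -x509 -days "$days" \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/cert.key" -out "$dir/cert.crt" 2>/dev/null
    )
}

# Succeeds when CERT carries the public half of KEY.
key_matches_cert() {  # KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeeds when issuer and subject names hash to the same value.
is_self_signed() {  # CERT
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    [ "$s" = "$i" ]
}

# Succeeds when CERT lists exactly HOST as a DNS subjectAltName.
has_san() {  # CERT HOST
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed 's/^ *//' \
        | grep -qxF "DNS:$2"
}

# Succeeds when CERT will still be valid DAYS days from now.
valid_for_days() {  # CERT DAYS
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Succeeds when the key file has no group or other permission bits set.
key_is_private() {  # KEY
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}
```

Typical use: make_selfsigned . example.test 365, then run the checks against cert.key and cert.crt before installing them. The same checks work on the files produced by the 3-step procedure, except has_san, since those commands add no SAN.
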
@gaurav-tiwari90

On which path do they get saved in Ubuntu?

@taoyuan
Author

taoyuan commented Jun 18, 2024

@gaurav-tiwari90 Should be in the current working directory. Or you can specify the path with openssl genrsa -out <custom_path>/cert.key 2048

@CertiCoder

How secure is this?

@FriendsAtDawn

> How secure is this?

Well, let's try to break this.

If you use this key often, you had better keep it safe. Because if you sign, let's say, a PDF and upload it to a folder under your control, it becomes a non-qualified e-sign, so it's your signature. The same applies if you sign a letter to your bank using it, etc. You can imagine a bunch of situations that validate that an OpenSSL signature is yours. What about Qualified E-Sign? In this case, the government signs a certificate for a firm, which signs the certificate for you. It is a chain of trust. Will it validate all over the internet? Well, no. For this you need a unique Root, and that does not exist. Let's say the Pope has the Root Certificate and then all others derive from his. So anybody can reconstruct the chain of trust. But that is not the case. In my country, the documents signed in this way validate only on some servers in the country. Outside, they do not validate. The Root is an Office. Sorry, but this is as long as life. Obviously there are de facto Roots: DigiCert, Google.

@Luis-Harz

How do I create a .pem?
