Create and Install Self-Signed SSL Certificate on CentOS and Ubuntu

SSL certificate stands for Secure Socket Layer is used to establish a secure and encrypted connection between a browser and a server. SSL certificate is also known as digital certificate. The SSL connection protects sensitive data such us credit card information and authenticated passwords during each visit. When you purchase SSL certificate from a trusted-third party they will say that your SSL certificate is both valid and legitimately used by it owners.

Creating Self-Signed Certificates

Instead of purchasing SSL certificate we can use a self-signed certificate for your local machine. Your browser will show an untrusted warning message on the first time when we access the self-signed certificate on the browser, but you can click pass that and test your application on your own SSL.

1) Install openSSL.

For CentOS users:

# yum install openssl

For Ubuntu user:

# apt-get install openssl

2) Create a New Directory.

Create a new directory where we need to store the key and certificate.

# mkdir /etc/[webserver]/ssl

3) Create private key for the certificate.

# openssl genrsa -out “/etc/[webserver]/ssl/example.key” 2048

4) Generate the Certificate Signing Request.

# openssl req -new -key “/etc/[webserver]/ssl/example.key” \  -out “/etc/[webserver]/ssl/example.csr”

This command will prompt a terminal with a list of fields need to be filled.

Most important field is “common name”. Enter user fully qualified domain name here.

Country Name (2 letter code) [AU]:xx

State or Province Name (full name) [Some-State]:xx xx

Locality Name (eg, city) []:xx

Organization Name (eg, company) [Internet Widgits Pty Ltd]:xx

Organizational Unit Name (eg, section) []:xx

Common Name (e.g. server FQDN or YOUR name) []:example.com

Email Address []:xxx@gmail.com

5) Creating Self-Signed certificate.

# openssl x509 -req -days 365 -in “/etc/[webserver]/ssl/example.csr” \  -signkey “/etc/[webserver]/ssl/example.key”  \  -out “/etc/[webserver]/ssl/example.crt”

Installing Self-Signed SSL certificate

Set Up the Certificate for Apache server:

Open SSL configuration file.

# vi /etc/httpd/conf.d/ssl.conf

Locate the section that begins with <VirtualHost _default_:443>

Uncomment the DocumentRoot and ServerName line and replace the ServerName with your domain name and document root of your domain name. Find the below three line and make sure that the location of both key and certificate are correct.

SSLEngine on

SSLCertificateFile /etc/httpd/ssl/apache.crt

SSLCertificateKeyFile /etc/httpd/ssl/apache.key

Restart the apache server.

For CentOS users:

# systemctl restart httpd

For Ubuntu Users:

# service apache2 restart

Set Up the Certificate for Nginx server:

 # vi /etc/nginx/sites-available/default.ssl.conf

Find the section listen 443 ssl. Replace server_name with your domain name and root with document root of your domain. Find these three lines and make sure that the location of both key and certificate are correct.

 ssl on;

ssl_certificate     /etc/nginx/ssl/example.crt;

ssl_certificate_key /etc/nginx/ssl/example.key;

Restart the NGINX server.

For CentOS users:

# systemctl restart nginx

For Ubuntu Users:

# service nginx restart

You have successfully installed self-signed certificate and now you can load your domain with your own certificate from your local machine.

If you need any further assistance please contact our support department.