Debian/Ubuntu Tips and Tricks

Debuntu

Debian/Ubuntu Tips and Tricks

How-To: create a self-signed certificate

Posted by chantra on August 20th, 2007

This tutorial will explain how to create a self-signed certificate that you will be able to use with apache in order to provide ssl support.

A self signed certificate won't provide as much security guarantees than a CA-signed certificate, but at least you will be able to use encrypted connection to your server.

In order to be able to create a certificate, you need to install openssl package:

$ sudo apt-get install openssl

Now you can create a self-signed certificate available for 365 days by typing the following:

$ sudo openssl req -new -x509 -days 365 -nodes -out /path/to/cert.pem -keyout /path/to/cert.pem
Generating a 1024 bit RSA private key
.++++++
...............................................................++++++
writing new private key to '/path/to/cert.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IE
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Ltd
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:example.com
Email Address []:email@example.com

You can now use this certificate with application such as apache, courier ... to provide ssl support.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>