Creating a Self-Signed SSL Certificate
There is two types of SSL certificates
- Self-signed: generated by user to use in testing/local environments.
- CA signed: generated and signed by CAs (Certificate authorities) to used in production environments.
To generate the self signed SSL Certificate follow these steps as below:
- Generate a Private Key
- Create a CSR ( certificate signing request) using the private key.
- Generate the SSL certification from CSR
Windows
Step 1 – Download OpenSSL Binary Link
Step 2 - Open OpenSSL Command Prompt
Step 3 - Generate private key and certificate signing request
A private key and certificate signing request are required to create an SSL certificate.
These can be generated with a few simple commands.
When the openssl req command asks for a “challenge password”, just press return, leaving the password empty. Since this is a self-signed certificate.
This password is used by Certificate Authorities to authenticate the certificate owner when they want to revoke their certificate.
$ openssl genrsa -aes256 -passout pass:gsahdg -out server.pass.key 4096
...
$ openssl rsa -passin pass:gsahdg -in server.pass.key -out server.key
$ openssl req -new -key server.key -out server.csr
...
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
...
A challenge password []:
...
Step 4 - Generate SSL certificate
The self-signed SSL certificate is generated from the server.key private key and server.csr files
$ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
The server.crt file is your site certificate suitable for use with hosted website along with the server.key private key.
Top comments (1)
This SSL setup allow to use https for local development or localhost