
Create Self-Signed SSL Certificate

A self-signed SSL certificate is signed by the user who created it rather than by a certificate authority (CA), and provides the same level of encryption as a CA-signed certificate. Because no trusted CA vouches for it, web browsers do not recognize self-signed certificates as valid and display a warning message. You can configure the browser to ignore such warnings.

This article describes how to create a self-signed certificate on CentOS and RHEL-based distributions using OpenSSL.

Before you Start

Ensure that you have:

  • Access to a command line or terminal window

  • Sudo or root privileges

To check whether the openssl package is already installed, run the following command:

openssl version

If the openssl package is installed, this command displays the OpenSSL version.

For more information on OpenSSL commands, see OpenSSL Documentation.

Steps

Install OpenSSL

On a CentOS and RHEL-based distribution, run the following command to install the openssl package:

sudo yum install openssl

Create Self-Signed Certificate

To create a Self-Signed SSL Certificate, run the following openssl req command:

 openssl req -newkey rsa:4096 \
            -x509 \
            -sha256 \
            -days 3650 \
            -nodes \
            -out example.crt \
            -keyout example.key \
            -subj "/C=US/ST=New York/L=New York/O=Security/OU=IT Department/CN=www.myorg.com"

Command Description

  • -newkey rsa:4096: Creates a certificate request and a 4096-bit RSA key. The default value is 2048 bits.

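  • -x509: Outputs a self-signed X.509 certificate instead of a certificate request.

  • -sha256: Uses 256-bit SHA (Secure Hash Algorithm) to sign the certificate.

  • -days 3650: The number of days for which the certificate is valid. You can enter any positive integer.

  • -nodes: Creates a key without a passphrase, so the private key file is written unencrypted.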

  • -out example.crt: Specifies the filename to write the newly created certificate. You can specify any file name.

  • -keyout example.key: Specifies the filename to write the newly created private key. You can specify any file name.

  • -subj: Specifies the following location and domain details:

    • C: Enter the two-letter ISO abbreviation of a country name.

    • ST: Enter a state or province name.

    • L: Enter a locality name.

    • O: Enter the name of your organization.

    • OU: Enter the name of an organizational unit.

    • CN: Enter a fully qualified domain name.

Sample Output

Generating a RSA private key.....................................++++
........++++
writing new private key to 'example.key'
-----

To check whether the certificate was created, run the following command:

ls

If the certificate is created, then the output displays the .crt and .key file names.
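
The ls check only shows that the files exist. As an added example (not part of the original article), the following shell function also confirms that example.crt is really self-signed, that example.key is its matching key, that the unencrypted key written by -nodes is readable only by its owner, and that the certificate has not expired. The function name check_selfsigned and its return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): sanity checks for the files
# written by "openssl req -x509 ... -nodes". The function name and return
# codes are assumptions made for this illustration.
# Usage: sh check_cert.sh example.crt example.key

check_selfsigned() {
    crt=$1
    key=$2

    # 1. Both files exist and are non-empty (all that "ls" can tell you).
    if [ ! -s "$crt" ] || [ ! -s "$key" ]; then
        echo "FAIL: certificate or key file missing/empty" >&2; return 1
    fi

    # 2. Self-signed: issuer and subject names are identical.
    subj=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    if [ -z "$subj" ] || [ "$subj" != "$issr" ]; then
        echo "FAIL: issuer differs from subject" >&2; return 2
    fi

    # 3. The signature verifies against the certificate's own public key.
    #    Match on the "OK" text rather than relying on the exit status alone.
    if ! openssl verify -CAfile "$crt" "$crt" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: signature does not verify" >&2; return 3
    fi

    # 4. The private key belongs to this certificate (public halves match).
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate" >&2; return 4
    fi

    # 5. -nodes leaves the key unencrypted, so group/other must have no access.
    if [ "$(ls -lL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: key readable beyond owner; run: chmod 600 $key" >&2; return 5
    fi

    # 6. The certificate has not expired.
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null; then
        echo "FAIL: certificate expired" >&2; return 6
    fi
    echo "OK: $subj"
}

if [ "$#" -eq 2 ]; then check_selfsigned "$1" "$2"; fi
```

A return code of 5 means the key file permissions should be tightened with chmod 600 before the certificate is deployed.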