Creating a self-signed SSL certificate on Linux is quite easy and can be done with just a few clicks. You can use a self-signed certificate to secure the connection between your web server and a visitor’s browser. Linux makes it easy for you to generate a certificate and sign it with a private key.
So you can create your own SSL certificates directly from your Linux terminal.
What is an SSL Certificate?
SSL stands for Secure Socket Layer. An SSL certificate verifies the identity of a website and enables an encrypted (secure) connection between the website and your browser.
A secure connection encrypts all data sent back and forth between your web browser and the server with which you communicate. This prevents a person or a computer in the middle from intercepting and reading the transmitted data.
Can I use a self-signed SSL certificate on my website?
You can install and use your own self-signed SSL certificate on your website and enable encrypted connections. However, since the certificate was not signed by a trustworthy certification authority, the visitors’ web browsers display a warning to this effect and indicate that the site cannot be uniquely identified for this reason.
For this reason, self-signed certificates are generally best used for development and testing purposes, or for applications such as a corporate or home intranet where users come from an internal network and do not connect through the Internet.
Again, it’s important to note that while a self-signed SSL certificate can cause warnings in your web browser, it still allows for a secure connection that works just like any certificate issued by any of the trusted authorities.
If you want to generate an SSL certificate for a public website but want to make sure that users don’t receive confusing warnings, then you should take a look at how to set up a free SSL certificate from a trusted certification authority.
Install OpenSSL on Linux
To generate a self-signed SSL certificate on Linux, you first need to make sure that OpenSSL is installed. To do this, open a terminal and enter the appropriate commands for the distribution you are using.
sudo apt install openssl
If you are using an RPM based distro like Fedora or CentOS:
sudo dnf install openssl
To install OpenSSL on Arch Linux:
pacman -S openssl
It should take a few moments for your system to download and install the file open Package.
Create your self-signed SSL certificate
Once you’ve made sure that OpenSSL is installed, you can create your SSL certificate by entering a single command. OpenSSL creates the certificate and the corresponding encryption key in the current directory. So make sure you are in the directory where you want your certificate and key to be saved before entering any other commands.
To create your self-signed SSL certificate, at the command prompt, enter the following command and replace the two instances of myserver with the filenames you want to use.
openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out myserver.crt -keyout myserver.key
The command generates a certificate and a private key that is used to sign the certificate. You can name the files whatever you want. The above command generates a self-signed certificate with 4096-bit encryption that is valid for 365 days.
To complete the process, the system asks several questions about the organization for which the certificate is intended. If you only intend to use the certificate for personal development or testing purposes, you can enter any values you want, except for Common names Area. In this field you should enter the domain name of the website where you want to install the certificate.
Your SSL certificate is now ready for use
That’s all there is to it. You should now have an SSL certificate (CRT file) and the encryption key (KEY file) used for signing. Simply follow the instructions on the platform on which you want to install your certificate and you will be able to connect to your website using encrypted HTTPS connections.
Not many Linux users know this, but you can also use OpenSSL to encrypt files, entire hard drive directories, and more.