How to Install a Self-Signed SSL Certificate in Apache with OpenSSL

 

An SSL certificate secures the communication between the user and the web server. For commercial reasons it is required to use an SSL certificate from a Certificate Authority (CA), but if you would like to secure the data transfer on a personal application, you can do so with a self-signed SSL certificate. The following steps will help you create a Certificate Signing Request (CSR) and then either sign the certificate yourself or send it to the CA to be signed.
So let’s get started. You need to install OpenSSL. I am using Ubuntu 8.04 with Apache ver 2.
If you haven’t installed OpenSSL yet, you can do so by typing the following at your command prompt:

 

apt-get install openssl

 

Most of the steps require administrator access, so make sure that you have either become administrator using su or are putting sudo in front of each command.
Now create your server.key file using the following command:

openssl genrsa -des3 -out server.key 4096

Now create a Certificate Signing Request (CSR) using the following command:

openssl req -new -key server.key -out server.csr

This certificate signing request can now be sent together with the server.key file to the Certificate Authority (CA).
If you are only going to use an SSL certificate internally or for testing purposes, you can sign the certificate yourself. Such certificates are called self-signed certificates. Use the following command to sign the certificate yourself:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The above command creates server.crt, which is the certificate signed by yourself. You can use it to secure all the data transfer between your server and client. But your server.key still requires a password (the passphrase that you provided while creating the server.key file). Let’s create a version of the key which doesn’t need a password:

openssl rsa -in server.key -out server.key.insecure

Rename the original server.key file to server.key.secure to keep it safe:

mv server.key server.key.secure

Now rename server.key.insecure (the one which doesn’t require any password) to server.key:

mv server.key.insecure server.key

Now you are ready to use server.key and server.crt to secure your web applications. If you don’t know how to use them, check out the next article on how to use Webmin to set up SSL for your website.
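
A check to run once the steps above are done, added here as an example and not part of the original article: it confirms that server.crt carries the public key of the passphrase-free server.key and that the key file is readable only by its owner. The function name check_key_cert, the owner-only permission requirement and the use of GNU stat are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): verify the files the
# procedure leaves behind. Usage: ./check_pair.sh server.key server.crt
# check_key_cert is a name made up for this example.

check_key_cert() {
    local key="$1" cert="$2" key_pub cert_pub mode

    # 1. The key in place must be the passphrase-free copy; the encrypted
    #    original (server.key.secure) would make openssl prompt below.
    if grep -Eq '^(-----BEGIN ENCRYPTED|Proc-Type: 4,ENCRYPTED)' "$key"; then
        echo "FAIL: $key is still passphrase-protected" >&2
        return 1
    fi

    # 2. Assumption of this example: with no passphrase, file permissions
    #    are the only protection, so allow no group/other access.
    mode=$(stat -c %a "$key") || return 3    # GNU stat, as on Ubuntu
    case "$mode" in
        [0-7]00) ;;
        *) echo "FAIL: $key has mode $mode; use chmod 600" >&2
           return 2 ;;
    esac

    # 3. The certificate must contain the public half of this exact key.
    #    Compare the PEM public keys themselves, and stop if either
    #    extraction fails so two empty results never count as a match.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "FAIL: cannot read private key $key" >&2; return 3; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: cannot read certificate $cert" >&2; return 3; }
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $cert was not issued for $key" >&2
        return 4
    fi

    echo "OK: $cert matches $key (mode $mode)"
}

# Run the check when called with the two file names.
if [ "$#" -eq 2 ]; then
    check_key_cert "$1" "$2"
fi
```

The return codes are 1 for a key that is still encrypted, 2 for loose permissions, 3 for an unreadable file and 4 for a key and certificate that do not belong together.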

 
