lots of tech info here

Generate self-signed SSL certificate in one line

As a web developer or website owner, you may sometimes need to generate and test your web application using self-signed SSL certificates before buying commercial SSL certificates. Generating self-signed certificates is an easy process. In fact, it's a one-step process.

We will use SHA256 with RSA 2048 encryption. The certificate will be valid for 1 year.

To generate the certificate and key, run this:

  openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout server.key -out server.crt

If you want to include your name or your company name, run this:

  openssl req -subj '/CN=aruljohn.com/O=Arul John/C=US' -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout server.key -out server.crt

Now, you have the certificate server.crt and key server.key. Copy them to a new directory ssl under the web server root directory.

If you use Nginx, here's a sample nginx.conf block:

  server {
      listen      443 ssl;
      server_name localhost;
      root   html;

      ssl on;
      ssl_certificate     /etc/nginx/ssl/server.crt;
      ssl_certificate_key /etc/nginx/ssl/server.key;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

If you use Apache web server, here's a sample apache2.conf (or httpd.conf):

      DocumentRoot html
      ServerName localhost
      SSLEngine on
      SSLCertificateFile /etc/apache2/ssl/server.crt
      SSLCertificateKeyFile /etc/apache2/ssl/server.key

Posted on 05 Apr 2015

If you liked this article, subscribe to our Feed, follow us on Twitter (@aruljohn) and/or join our Facebook Page.

Share this with Others