At times, you may need to create self-signed SSL / TLS certificates to make your local or development web applications run. You can generate self-signed SSL certificates valid for 10 years, using just one command.
We will use a 4096-bit RSA key and sign the certificate with SHA-256. The certificate will be valid for 10 years.
Create SSL certificate and key using OpenSSL command
I want to create a certificate with the following details:
- RSA 4096
- SHA 256
- CN=aruljohn.com
- O=Arul John
- C=US
To generate or create the SSL certificate and key, run this:
openssl req -x509 -newkey rsa:4096 -subj '/CN=aruljohn.com/O=Arul John/C=US' -new -sha256 -days 3650 -nodes -keyout server.key -out server.crt
The certificate is saved as server.crt and the key is saved as server.key.
Verify the certificate lifetime
Run this command to verify that the certificate is really valid for 10 years.
openssl x509 -in server.crt -text -noout -dates | grep notAfter
Output:
notAfter=Feb 3 22:25:25 2035 GMT
The date of expiration will be 10 years from the time of certificate creation.
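The properties listed above (RSA 4096, SHA-256, 10-year lifetime) can be checked in one pass. The script below is an added example, not part of the original post; the function names make_dev_cert and check_dev_cert and the temporary directory are assumptions made for illustration. It also checks that the key matches the certificate and, because -nodes leaves the key unencrypted, that the key file is readable only by its owner.

```shell
#!/bin/sh
# Added example: generate the certificate with the article's command, then
# check that the result has the properties the article asks for.

make_dev_cert() {  # $1 = output directory (hypothetical helper)
    # -nodes writes the key without a passphrase, so create it under a
    # restrictive umask (the subshell keeps the umask change local).
    ( umask 077 && cd "$1" && openssl req -x509 -newkey rsa:4096 \
        -subj '/CN=aruljohn.com/O=Arul John/C=US' -new -sha256 -days 3650 \
        -nodes -keyout server.key -out server.crt 2>/dev/null )
}

check_dev_cert() {  # $1 = certificate, $2 = key, $3 = minimum days left
    crt=$1 key=$2 min_days=${3:-3649} rc=0
    text=$(openssl x509 -in "$crt" -noout -text) || return 2

    echo "$text" | grep -q 'Public-Key: (4096 bit)' ||
        { echo "FAIL: key is not 4096 bits"; rc=1; }
    echo "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' ||
        { echo "FAIL: not signed with SHA-256/RSA"; rc=1; }
    # -checkend N succeeds only if the certificate is still valid in N seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: expires in under $min_days days"; rc=1; }
    # The key belongs to the certificate only if both yield the same public key.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: key does not match certificate"; rc=1; }
    # Group/other permission bits (characters 5-10 of ls -l) must all be clear.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: key readable by group or others"; rc=1; }
    return $rc
}

# Demo in a throwaway directory (constructed for this example).
demo_dir=$(mktemp -d)
make_dev_cert "$demo_dir"
check_dev_cert "$demo_dir/server.crt" "$demo_dir/server.key" && echo "all checks passed"
```

To check an existing pair, call check_dev_cert with the paths to server.crt and server.key.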
Configure web server
Now, you have the certificate server.crt and key server.key. Copy them to a new directory ssl under the web server root directory.
If you use Nginx, here's a sample nginx.conf block:
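server {
    # "listen ... ssl" enables TLS for this server block. The old "ssl on;"
    # directive is rejected by the nginx versions that accept "http2 on;".
    listen 443 ssl;
    http2 on;
    server_name localhost;
    root html;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_protocols TLSv1.3;
}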
If you use Apache web server, here's a sample apache2.conf (or httpd.conf):
<VirtualHost 192.168.1.1:443>
    DocumentRoot html
    ServerName localhost
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
</VirtualHost>
Disable https warning from Chrome
When you navigate to https://localhost, some browsers, such as Chrome, show a Not Secure warning. You can disable it in Chrome by following these steps:
Open Chrome and enter this in the address bar:
chrome://flags/#allow-insecure-localhost
You will see this at the top:
Allow invalid certificates for resources loaded from localhost. Mac, Windows, Linux, Chrome OS, Android
Allows requests to localhost over HTTPS even when an invalid certificate is presented. #allow-insecure-localhost
Enable this flag.
Enter this in the address bar:
chrome://net-internals/#hsts
Enter localhost in the Domain field.
Restart Chrome and go back to https://localhost. Hopefully, it should not show the Not Secure warning.
Disable https warning from Mozilla Firefox
If you are using Firefox, this blog post should help you disable the insecure SSL warning in Firefox.
Conclusion
Thanks for reading. Any tips or suggestions in creating SSL certificates are welcome.