Generate self-signed SSL certificate in one line
As a web developer or website owner, you may sometimes need to generate and test your web application using self-signed SSL certificates before buying commercial SSL certificates. Generating self-signed certificates is an easy process. In fact, it's a one-step process.
We will use SHA256 with RSA 2048 encryption. The certificate will be valid for 1 year.
To generate the certificate and key, run this:
openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout server.key -out server.crt
If you want to include your name or your company name, run this:
openssl req -subj '/CN=aruljohn.com/O=Arul John/C=US' -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout server.key -out server.crt
Now, you have the certificate server.crt
and key server.key
. Copy them to a new directory ssl
under the web server root directory.
If you use Nginx, here's a sample nginx.conf block:
server { listen 443 ssl; server_name localhost; root html; ssl on; ssl_certificate /etc/nginx/ssl/server.crt; ssl_certificate_key /etc/nginx/ssl/server.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
If you use Apache web server, here's a sample apache2.conf (or httpd.conf):
<VirtualHost 192.168.1.1:443> DocumentRoot html ServerName localhost SSLEngine on SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key </VirtualHost>
Disable https warning from Chrome
When you navigate to https://localhost, on some browsers like Chrome, you get this Not Secure warning. You can disable it in Chrome by following these steps:
1) Open Chrome and enter this in the address bar
chrome://flags/#allow-insecure-localhost
You will see this on the top:
Allow invalid certificates for resources loaded from localhost. Mac, Windows, Linux, Chrome OS, Android Allows requests to localhost over HTTPS even when an invalid certificate is presented. #allow-insecure-localhost Enable
2) Then, enter this in the address bar
chrome://net-internals/#hsts
Enter localhost in the Domain field.
Restart Chrome and go back to https://localhost. Hopefully, it should not show the No Secure warning.
Created on 05 April 2015
Affiliate Disclosure: Some of the links to products on this blog are affiliate links. It simply means, at no additional cost to you, we’ll earn a commission if you click through and buy any product.