Security threats such as data theft are on the rise, and it is of utmost importance that we employ some security to avoid such incidents. This is especially true when we access websites over the public internet and our connections are not secure.
To avoid such unencrypted data transfers, we use SSL certificates. SSL, or Secure Sockets Layer, is a protocol used to encrypt our website traffic. This prevents data theft: even if the data is intercepted by a third party, it will be useless to them because the encryption used to secure the traffic is quite strong.
SSL certificates are of such importance that now almost all web browsers show a warning when we are visiting a website that does not have a valid SSL certificate in use.
Websites on the public internet are secured with SSL certificates signed by Certification Authorities (CAs) like Comodo, GeoTrust, Symantec, etc., and they charge a fee for that. Then there are CAs like Let’s Encrypt, which provide SSL certificates for free but for a shorter duration.
But we might not require any of these when we need an SSL certificate for a testing environment or for development purposes. There we can use self-signed certificates instead. Browsers will still warn about such a certificate, because no trusted CA has signed it, which is acceptable in a test setup.
In this tutorial, we will discuss how to create a self-signed certificate in Linux. Let’s go through the process.
Create Self Signed SSL certificate in Linux
To create a self-signed certificate in Linux, we need to have the packages ‘openssl’ and ‘mod_ssl’ installed on our system. OpenSSL is installed by default on all Linux distributions, and we can install mod_ssl with the following command,
# yum install mod_ssl
Now we can create the SSL certificate using the openssl command mentioned below,
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/shusain/ssl.key -out /home/shusain/ssl.crt
To describe the command mentioned above,
openssl is the command for managing SSL keys and certificates,
req -x509 creates a self-signed X.509 certificate instead of a certificate signing request,
-nodes means the private key is not protected with a passphrase, so it is stored unencrypted on disk,
-days 365 is the validity of the certificate in days,
-newkey rsa:2048 generates a new 2048-bit RSA key for the certificate,
-keyout is the location where the private key is written,
-out is the location where the certificate is written.
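A non-interactive variant of the command above, with checks on what it produced, as an added example that is not part of the original tutorial. The `-subj` value, the host name `dev.example.test`, the temporary directory and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. The CN dev.example.test,
# the temporary directory and all function names are constructed.

# make_selfsigned DIR CN DAYS: writes DIR/ssl.key and DIR/ssl.crt.
make_selfsigned() {
    dir=$1 cn=$2 days=$3
    (
        # -nodes leaves the key unencrypted, so restrict it to its owner.
        umask 077
        # -subj supplies the subject up front instead of the interactive
        # prompts; stderr only carries key-generation progress here.
        openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
            -keyout "$dir/ssl.key" -out "$dir/ssl.crt" \
            -subj "/CN=$cn" 2>/dev/null
    )
}

# True when the certificate's public key is the one derived from the private key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey)
    key_pub=$(openssl pkey -in "$2" -pubout)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# True when subject and issuer are the same name, as in a self-signed certificate.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# True when the certificate is still valid DAYS days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Permission string of a file, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

demo=$(mktemp -d)
make_selfsigned "$demo" dev.example.test 365
cert_matches_key "$demo/ssl.crt" "$demo/ssl.key" && echo "certificate and key match"
is_self_signed "$demo/ssl.crt" && echo "subject equals issuer (self-signed)"
valid_for_days "$demo/ssl.crt" 364 && echo "still valid in 364 days"
echo "key permissions: $(key_mode "$demo/ssl.key")"
rm -rf "$demo"
```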
We need both /home/shusain/ssl.key and /home/shusain/ssl.crt to configure SSL in our web server. We will discuss how to install an SSL certificate in Nginx as well as Apache in future tutorials. Please feel free to send in any questions or queries using the comment box below.
Nice Article.