Create a Self-Signed SSL Certificate

July 25, 2009 by Mark  
Filed under How To

An SSL certificate is a digital certificate used by a web server to run an encrypted, secure network connection. Every web server needs an SSL certificate to enable secure connections, but each SSL certificate can only be used by one domain. So if you have four websites on your server and want to enable secure connections on all of them, you have to buy SSL certificates from SSL certificate providers like Verisign, Geotrust, and COMODO.

But if you only want to use it for your blog or website admin panel, you can always create your own self-signed SSL certificate. Creating one takes only a few minutes and costs nothing. Let’s start with the tools required to create your self-signed SSL cert. First, you should have OpenSSL installed on your Linux operating system. If you do not, refer to your Linux distro's manual on how to install packages or software, because that is not covered by this tutorial.

Okay, open your Linux terminal and create a folder. You can choose any name, but for this tutorial I create a folder named ssl and change into it using the following commands.

mkdir ssl
cd ssl

Now type the following command to create your SSL key.

openssl genrsa 1024 > mydomain.key

It will create a 1024-bit SSL key named mydomain.key in that folder. Because you don’t want everyone to be able to read the key, you should change its permissions. The following command makes the key read-only for the owner (root), while the group and other users get neither read nor write permission.

chmod 400 mydomain.key

Now it is time to create your certificate. Use the following command.

openssl req -new -x509 -nodes -sha1 -days 365 -key mydomain.key > mydomain.cert

This command will ask you to input some information related to the certificate. The screenshot below shows example output of the command.

[Screenshot: Terminal-OpenSSL]

OK, let's go through what the command asks you to key in. The first line is your country code. If you do not know your country code, you can refer to ISO 3166-1 alpha-2. The second line is your State, and the next is your City. In the fourth line input your Organization Name, and in the fifth line your Organizational Unit Name. The next line (Common Name) is really important: you should input your domain name here. If you use www on your domain you should input www.mydomain.com, for non-www use mydomain.com, and for a subdomain input the complete subdomain name, e.g., subdomain.mydomain.com. The last line is your email address; just key in your preferred email address here.

Once completed, a file named mydomain.cert will be created in the current directory. Now you have two files in your ssl directory. You can upload them to your server and configure your server to enable SSL connections. I will not cover server configuration here, as I will discuss it in my next tutorial. If everything is configured properly, you can access your website by typing https://www.mydomain.com.

The only issue with using a self-signed SSL certificate is that your browser will display a warning about an untrusted certificate. But you can always ignore this warning, because you are the only one who accesses your admin area and you are the one who issued the certificate. So do not worry about the untrusted certificate.
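The steps above as one non-interactive script that also checks the result; this is an added example, not part of the original tutorial. It keeps the tutorial's file names and placeholder domain, but it generates a 2048-bit key signed with SHA-256 because 1024-bit RSA and SHA-1 are deprecated, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example. File names follow the tutorial; 2048-bit RSA and SHA-256 are
# this example's choices, and www.mydomain.com is the tutorial's placeholder.

# make_cert DIR CN: create DIR/mydomain.key and DIR/mydomain.cert without prompts.
make_cert() {
    mkdir -p "$1" || return 1
    # umask 077 keeps the key private from the moment it is created.
    ( umask 077 && openssl genrsa -out "$1/mydomain.key" 2048 2>/dev/null ) || return 1
    chmod 400 "$1/mydomain.key"
    openssl req -new -x509 -nodes -sha256 -days 365 -key "$1/mydomain.key" \
        -subj "/CN=$2" -out "$1/mydomain.cert" 2>/dev/null
}

# audit_cert DIR MIN_BITS HOST: print each failed check; return 0 only if none fail.
audit_cert() {
    rc=0
    text=$(openssl x509 -in "$1/mydomain.cert" -noout -text) || return 2
    # Group and other must have no access to the private key.
    [ "$(ls -l "$1/mydomain.key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: key accessible by group/other"; rc=1; }
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge "$2" ] || { echo "FAIL: ${bits:-?}-bit key, want >= $2"; rc=1; }
    if printf '%s\n' "$text" | grep -Eiq 'Signature Algorithm: (md5|sha1)'; then
        echo "FAIL: weak signature digest"; rc=1
    fi
    # -checkhost falls back to the Common Name when the cert has no SAN.
    openssl x509 -in "$1/mydomain.cert" -noout -checkhost "$3" |
        grep -q 'does match certificate' || { echo "FAIL: name mismatch for $3"; rc=1; }
    return $rc
}

# cert_fingerprint DIR: SHA-256 fingerprint to compare with the browser warning.
cert_fingerprint() {
    openssl x509 -in "$1/mydomain.cert" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo run in a throwaway directory.
demo=$(mktemp -d)
make_cert "$demo" www.mydomain.com && audit_cert "$demo" 2048 www.mydomain.com &&
    echo "OK, fingerprint: $(cert_fingerprint "$demo")"
rm -rf "$demo"
```

Compare the printed fingerprint with the one shown in the browser's certificate details before accepting the warning.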

Lastly, if you have any comments or questions, do not hesitate to leave a comment, because I will be happy to read your comments and answer your questions.
