Self-Signed SSL Certificate Free In Linux

Here is an solution to generate your own Self-Signed SSL Certificate for Internal use. Now a days any website or internal web services need to be updated with SSL Certificate.

What is an SSL?

In general terms SSL will provide an another layer of security to encrypt your data over internet.  Secure Sockets Layer, is a standard security protocol to encrypt web server and a browser communication.

Without using SSL Certificate or plain http web server protocol will send your sensitive data such as User name and password Or bank details like credit card information in plain text.

Self-Signed SSL Certificate in Linux

SSL Certificate can be issued by Certificate Authority. Then if you want to generate your own, you can generate your own for internal use only not for external or public internet.

Install Web server services

# yum install httpd* mod_ssl

After successful installation of Apache/HTTPD packages now start web server service using below commands

# systemctl enable httpd.service# systemctl start httpd.service

Enable Firewall ports to allow http and https protocols

# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload

Generate Self-Signed SSL Certificate

In order to generate self-signed SSL ceritificate follow below steps in Linux RHEL7 or Centos 7

$ sudo openssl req -new > certificate.csr
Generating a 2048 bit RSA private key
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Telangana
Locality Name (eg, city) [Default City]:Hyderabad
Organization Name (eg, company) [Default Company Ltd]:Server Computer
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:server-computer.local
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:redhat
An optional company name []:server computer

$ ls
certificate.csr privkey.pem

Now Generate .key file using .pem use below command

$ openssl rsa -in privkey.pem -out keyfile.key
Enter pass phrase for privkey.pem:
writing RSA key

A Final Step to get cert file

$ openssl x509 -in certificate.csr -out cert.cert -req -signkey keyfile.key -days 365
Signature ok
subject=/C=IN/ST=Telangana/L=Hyderabad/O=Server Computer/OU=IT/CN=server-computer.local
Getting Private key

Secure SSL Certificates

To avoid access to anybody else move certs to secure place and change permissions

$ mkdir -p /etc/pki/tls/private/$ mkdir -p /etc/pki/tls/certs/
$ mv cert.cert /etc/pki/tls/certs/server.crt
$ mv keyfile.key /etc/pki/tls/private/server.key

Now write SSL config and enable https communication

# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
 ServerAdmin root@localhost
 ServerName server-computer.local
 DocumentRoot /var/www/html
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key

Ensure above parameters are enabled in ssl.conf file. Restart http/apache/web server services

Add host entry in /etc/hosts and check syntax 

# httpd -t

Now Access your web server URL using https://url. That’s it you have successfully generate self-signed SSL Certificated and configured web server.

Related Articles

Create ISO File in Linux

ImportError Python

Linux Video tutorial

Thanks for your wonderful Support and Encouragement

Ankam Ravi Kumar

I am Ravi Kumar the Founder and Chief Editor of server-computer.com & arkit.co.in. Certified RHCSA, RHCE, NCSA, NCDA, NCIE and JCHNP. Working as an IT Professional since 2008. Storage domain specialist.

Leave a Reply

Your email address will not be published. Required fields are marked *