Self-Signed SSL Certificate Free In Linux
Here is a solution to generate your own self-signed SSL certificate for internal use. Nowadays any website or internal web service needs an SSL certificate.
What is an SSL?
In general terms, SSL provides another layer of security by encrypting your data as it travels over the internet. Secure Sockets Layer (SSL) is a standard security protocol for encrypting communication between a web server and a browser.
Without an SSL certificate, a web server using plain HTTP sends sensitive data, such as user names and passwords or bank details like credit card information, in plain text.
Self-Signed SSL Certificate in Linux
An SSL certificate is normally issued by a Certificate Authority. You can also generate your own, but only for internal use, not for external or public internet services.
Install Web server services
# yum install httpd* mod_ssl
After the Apache/HTTPD packages have installed successfully, enable and start the web server service using the commands below
# systemctl enable httpd.service
# systemctl start httpd.service
Enable Firewall ports to allow http and https protocols
# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload
Generate Self-Signed SSL Certificate
To generate a self-signed SSL certificate, follow the steps below on Linux RHEL 7 or CentOS 7
$ sudo openssl req -new > certificate.csr
Generating a 2048 bit RSA private key
....................................................+++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) :Telangana
Locality Name (eg, city) [Default City]:Hyderabad
Organization Name (eg, company) [Default Company Ltd]:Server Computer
Organizational Unit Name (eg, section) :IT
Common Name (eg, your name or your server's hostname) :server-computer.local
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :redhat
An optional company name :server computer
$ ls
certificate.csr privkey.pem
Now generate the .key file from the .pem file using the command below
$ openssl rsa -in privkey.pem -out keyfile.key
Enter pass phrase for privkey.pem:
writing RSA key
The final step is to get the cert file
$ openssl x509 -in certificate.csr -out cert.cert -req -signkey keyfile.key -days 365
Signature ok
subject=/C=IN/ST=Telangana/L=Hyderabad/O=Server Computer/OU=IT/CN=server-computer.local
Getting Private key
Secure SSL Certificates
To prevent access by anybody else, move the certs to a secure place and change permissions
$ mkdir -p /etc/pki/tls/private/
$ mkdir -p /etc/pki/tls/certs/
$ mv cert.cert /etc/pki/tls/certs/server.crt
$ mv keyfile.key /etc/pki/tls/private/server.key
Now write the SSL config and enable https communication
# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
    ServerAdmin root@localhost
    ServerName server-computer.local
    DocumentRoot /var/www/html
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
</VirtualHost>
Ensure the above parameters are enabled in the ssl.conf file. Restart the http/apache/web server service
Add host entry in /etc/hosts and check syntax
# httpd -t
Now access your web server URL using https://url. That's it, you have successfully generated a self-signed SSL certificate and configured the web server.
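The generation and permission steps above can also be scripted and checked. The following is an added example, not part of the original page: it creates the key and self-signed certificate in one non-interactive step, adds a subjectAltName entry (current browsers match hostnames against it), sets the key to mode 600, and verifies that key and certificate belong together. The function names and the temporary output directory are assumptions; the page itself installs the files under /etc/pki/tls.

```shell
#!/bin/sh
# Added example, not from the original page. The temp output directory is an
# assumption so the script runs without root; the page uses /etc/pki/tls.

# Create key + self-signed cert in one step, with a subjectAltName entry.
make_selfsigned() {   # usage: make_selfsigned <hostname> <output-dir>
    cn=$1; dir=$2
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
C = IN
ST = Telangana
L = Hyderabad
O = Server Computer
OU = IT
CN = $cn
[v3]
subjectAltName = DNS:$cn
EOF
    # umask 077 in a subshell: the unencrypted key is never group/world readable
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$dir/req.cnf" -keyout "$dir/server.key" \
          -out "$dir/server.crt" 2>/dev/null ) || return 1
    chmod 600 "$dir/server.key" && chmod 644 "$dir/server.crt"
}

# True when the certificate's public key is the one derived from the key file.
pair_matches() {      # usage: pair_matches <cert> <key>
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# Permission string of a file, e.g. -rw-------
file_mode() { ls -ld "$1" | cut -c1-10; }

# True when the certificate lists the host as a DNS subjectAltName.
has_san() { openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"; }

demo=$(mktemp -d)     # constructed demo location
make_selfsigned server-computer.local "$demo" &&
    pair_matches "$demo/server.crt" "$demo/server.key" &&
    has_san "$demo/server.crt" server-computer.local &&
    echo "ok: $(file_mode "$demo/server.key") $demo/server.key"
```

Running `pair_matches` and `file_mode` against /etc/pki/tls/certs/server.crt and /etc/pki/tls/private/server.key before restarting httpd catches a mismatched pair or a readable key early.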