MKWii.org

Self Signed SSL Mini Guide
Self-signed SSL certificates are a great way to test your HTTP software before obtaining a CA-approved certificate for production use. However, some people prefer self-signed certificates over CA-approved ones because they give you full control of your certificate. These commands should also work on a BSD operating system. As far as I know, openssl comes standard on all Linux OSes. If not, update your repos and install openssl.

First we need to generate a private key.


openssl genrsa -out /etc/ssl/private/private.key XXXX

XXXX (RSA key bit size) = 2048, 4096, or 8192. You could go lower than 2048 but that would be foolish for a production server. Fine for testing though. More and more sites are now moving to 4096. It's becoming the new standard.

openssl req -new -x509 -key /etc/ssl/private/private.key -shaYYY -utf8 -out /etc/ssl/certificate.pem -days ZZZ

YYY (strength of hash) = 256, 384, or 512. Just use 256 if this is merely for testing purposes.
ZZZ (length of validity for SSL certificate) = If this is used for testing, put whatever you want. If you are using this for a production server, it still doesn't really matter, since with self-signed certificates, you can easily just make a new one if needed.

All done! Just use the correct paths for your key and cert when configuring TLS on your HTTP software.
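
Before pointing the server at the files, it is worth confirming that the certificate really belongs to the key and that the key file is not readable by other users. The script below is an added example, not part of the original guide: it runs the two commands above in a scratch directory and checks the result. The function names, the scratch directory and the subject CN "test.example" (passed with -subj so that openssl req does not prompt) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide). Function names, the scratch
# directory and the CN "test.example" are assumptions made for illustration.

# make_selfsigned DIR BITS HASH DAYS: the guide's two commands, run unattended.
make_selfsigned() {
    local dir=$1 bits=$2 hash=$3 days=$4
    # umask 077 in a subshell so the private key is created owner-only.
    ( umask 077; openssl genrsa -out "$dir/private.key" "$bits" 2>/dev/null ) || return 1
    # -subj answers the subject prompts so no input is needed.
    openssl req -new -x509 -key "$dir/private.key" "-sha$hash" -utf8 \
        -subj "/CN=test.example" -out "$dir/certificate.pem" -days "$days"
}

# pair_matches KEY CERT: succeeds only if the certificate carries this key's
# public half. A mismatched pair is a common cause of TLS startup failures.
pair_matches() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_bits KEY: RSA modulus size in bits (the XXXX value).
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# cert_sigalg CERT: signature algorithm, e.g. sha256WithRSAEncryption (the YYY value).
cert_sigalg() {
    openssl x509 -in "$1" -noout -text | awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

# key_mode KEY: permission string of the key file; expect -rw-------.
key_mode() { ls -l "$1" | cut -c1-10; }

# Demo run in a throwaway directory.
demo=$(mktemp -d)
if make_selfsigned "$demo" 2048 256 30 &&
   pair_matches "$demo/private.key" "$demo/certificate.pem"; then
    echo "pair ok: $(key_bits "$demo/private.key")-bit key," \
         "$(cert_sigalg "$demo/certificate.pem"), key mode $(key_mode "$demo/private.key")"
else
    echo "key and certificate do not match" >&2
fi
rm -rf "$demo"
```

For real use, replace the scratch directory with the /etc/ssl paths from the commands above and run pair_matches again after every regeneration of either file.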