August 05 2016, 00:00

Generate a self-signed certificate with OpenSSL

In my self-hosting adventure, I have to secure my web applications with SSL/TLS. The simple and free way is to generate my own certificates.

Edit 2020-10-09: today, for services exposed to the public, the best and simplest way is to use Let's Encrypt.

Prerequisites

OpenSSL of course! :)

Install it on Debian GNU/Linux

apt install openssl

On FreeBSD

pkg install openssl

Generate

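The following command generates a 2048-bit RSA key and a self-signed certificate valid for one year. The -nodes option writes the private key without a passphrase, so example.key is stored unencrypted.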

openssl req -x509 -nodes -newkey rsa:2048 -keyout example.key -out example.crt -days 365

Some questions will appear. Answer them according to your needs, but pay attention to the Common Name question.

For a website, this information must be a valid FQDN.

We can use a wildcard to secure all subdomains. For example, if we want to secure www.example.com and blog.example.com, we can set the Common Name to *.example.com.
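The script below is an added example, not part of the original post. It runs the same command non-interactively and checks which host names the wildcard certificate really covers. It goes one step beyond the text by also setting subjectAltName, because current browsers match host names against that extension rather than the Common Name. It assumes OpenSSL 1.1.1 or later (for -addext); the make_cert and host_matches helper names and the tested host names are made up for the illustration.

```shell
#!/bin/sh
# Added example: generate the wildcard certificate without prompts and
# test which host names it is valid for. Assumes OpenSSL >= 1.1.1.

# make_cert DIR: write example.key and example.crt into DIR.
make_cert() {
    dir=$1
    openssl req -x509 -nodes -newkey rsa:2048 \
        -keyout "$dir/example.key" -out "$dir/example.crt" -days 365 \
        -subj "/CN=*.example.com" \
        -addext "subjectAltName=DNS:*.example.com" &&
    # -nodes leaves the private key unencrypted: keep it owner-only.
    chmod 600 "$dir/example.key"
}

# host_matches CRT HOST: succeed only if CRT is valid for HOST.
# openssl prints "does match" or "does NOT match" for -checkhost.
host_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Demonstration in a throwaway directory (constructed host names).
tmp=$(mktemp -d)
make_cert "$tmp" || exit 1
for h in www.example.com blog.example.com example.com a.b.example.com; do
    if host_matches "$tmp/example.crt" "$h"; then
        echo "$h: covered"
    else
        echo "$h: NOT covered"
    fi
done
rm -rf "$tmp"
```

The wildcard covers exactly one label, so neither the bare domain example.com nor a.b.example.com is covered; they need their own subjectAltName entries.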
