August 05 2016, 00:00#
Generate a self-signed certificate with OpenSSL
In my self-hosting adventure, I have to secure my web applications with SSL/TLS. The simple and free way is to generate my own certificates.
Edit 2020-10-09: today, for services exposed to the public, the best and simple way is to use Let's Encrypt.
Prerequisites
OpenSSL of course! :)
Install it on Debian GNU/Linux
apt install openssl
On FreeBSD
pkg install openssl
Generate
The following command generates a RSA key and a certificate valid for one year.
openssl req -x509 -nodes -newkey rsa:2048 -keyout example.key -out example.crt -days 365
Some questions will appear, fill it as your needs, but pay attention to the Common Name question.
For a website, this information must be a valid FQDN.
We can use wildcard to secure all subdomains. Example, if we want to secure www.example.com and blog.example.com, we can define the Common Name as *.example.com
.
Tags : unix linux security ssl freebsd