SSL (Secure Socket Layer) is a standard protocol, ensuring a trusted connection between a client and a server. A web site that is secured with SSL, encrypts the sensitive data passed between the browser (client) and the web server. If your web site is serving the public and if it does process sensitive data like credit card details, personal info, authentication data, etc then you will have to get a certificate from a third party trusted CA (Certificate Authority). If otherwise you just need a certificate for testing purpose or your web site has a small trusted audience, then of course this guide may useful. 🙂
The disadvantage comes with a self-signed certificate is that, when you try to browse your page with https it will display a message on the browser saying “This connection is Untrusted”, since browser only trust a list of CAs that are already stored in.
I will briefly state here the steps to create a self-signed certificate for your website. I am working with Apache server on Ubuntu.
Step 1: Enable SSL support comes with apache
Command: sudo a2enmod ssl Each time you do a change in configurations , restart the apache server to apply the changes.
Command: sudo service apache2 restart
Step 2: Generate private server key
You will have to give a password in this step and that password should be remembered to use in next steps.
Command: openssl genrsa -des3 -out server.key 1024
Step 2: Generate Certificate Signing Request (CSR)
In creating CSR process, you will be asked for several question. The important information here is the Common Name (N) which you should give the ‘domain name’ of your web site. If you are purchasing a Certificate from a CA, this csr request should be sent to the 3rd partY CA. Since i am doing local development common name (CN) will be “localhost”.
Command: openssl req -new -key server.key -out server.csrStep 3: Removing pass-phrase of server key
Removing the pass-phrase of server key, so that you won’t need to enter it every time the apache server restart. The server key will not contain the pass-phrase anymore with this command.
Command: cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
Step 4: Generate Certificate using .csr
This will generate a X.509 certificate. So this is the self-signed certificate that we were looking for. 🙂
Command: openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
See the guide: SSL: 02 Installing a self-signed SSL certificate
Cheers ! 🙂