Create a self-signed SSL Certificate using OpenSSL.


In this blog I’ll be giving a little bit of insight on SSL certificates and then how to create a self-signed certificate using OpenSSL.

Let’s start with  What is an SSL Certificate?

SSL stands for Secure Socket Layer. SSL is a global standard technology that creates encrypted communication between web browser and web server. It helps to decrease the risk of losing your personal information(e.g passwords, emails, credit card numbers etc.) .

To create this secure connection a SSL Certificate is used, which is installed on the web server. So, SSL Certificate is a bit of code on your web server that provides security for your online communications. SSL certificate also contains identification information(i.e your organisational information).

SSL Certificates mainly serves two functions:

  • Authenticates the identity of the servers(so that users know that they are not sending their information to wrong server).
  • Encrypts the data that is being transmitted.

Now,

Securing your application with an SSL certificate is extremely important. In most of the situations we require a trusted certificate(generated by CA-Certification Authority), but there are many cases where you can use a self signed certificate.

So, the next question comes is when to use a self-signed certificate?”

A self-signed certificate is a certificate that is signed by its own creator rather than a trusted authority. Self signed certificates are less trustworthy, since any attacker can create a self signed certificate and launch a man in the middle attack.

Self-signed certificates can be used at places like:

  • Intranet
  • Personal sites with few visitors
  • During development or testing phase of your application you can use self-signed certificate.

Never use a self signed certificate on applications that transfers valuable information like credit card numbers, bank account numbers etc.

When using a self-signed certificate, visitors will see the following  warning in their browser until the user permanently stores the certificate in their certificate store.

screenshot

So, till now you got the insight on SSL certificates. Now lets see how to create one using OpenSSL.

Creating a self-signed certificate using OpenSSL

OpenSSL is a command line tool that is used for TLS(Transport Layer Security) and SSL(Secure Socket Layer) protocols.

Now let’s create the certificate:

  • Open terminal(linux).
  • Run the following commands:
  1. openssl genrsa -des3 -out server.key 2048
  2. openssl req -new -key server.key -out server.csr
  3. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The first command will generate a 2048 bit(recommended) RSA private key . After running the command it will ask for the passphrase. If you want to create a key without the passphrase you can remove the (-des3) from the command.

The second command generates a CSR(Certificate Signing Request).  The CA will use the .csr file and issue the certificate, but in your case you can use this .csr file to create your self-signed certificate. Once you run the command, it will prompt you to enter your country, company name, etc.

desktop

If you want to configure your certificate for localhost you can give ‘localhost’ in Common Name field instead of  domain name.

The third command will create the self-signed x509 certificate suitable for use on web server.

So this is how you can create a self-signed certificated. In my next blog, I will be explaining KeyStore generation in PKCS12 Format. Here is the link:

https://blog.knoldus.com/2016/10/26/how-to-create-a-keystore-in-pkcs12-format/

Enjoy ! 🙂

References:

https://www.openssl.org/

https://www.sslshopper.com/


KNOLDUS-advt-sticker

This entry was posted in Scala, Security and tagged , , , , , , , , , , , , . Bookmark the permalink.

7 Responses to Create a self-signed SSL Certificate using OpenSSL.

  1. Prabhat Kashyap says:

    Reblogged this on Prabhat Kashyap – Scala-Trek.

  2. Snorlax says:

    For personal blog users like me just use let’s encrypt!

  3. Pingback: How to create A KeyStore in PKCS12 Format. | Knoldus

  4. Pingback: Handling HTTPS requests with Akka-HTTPS Server | Knoldus

  5. Pingback: Handling HTTPS requests with Akka-HTTPS | DRK™

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s