1. Guides & Tutorials
  2. Security, Upgrades & Backups
  3. SSL Certificates
  4. How to Make a Self-Signed SSL Certificate

How to Make a Self-Signed SSL Certificate

Updated by Linode Written by Linode

Contribute on GitHub

Report an Issue | View File | Edit File

Deprecated
This guide has been deprecated and is no longer being maintained.
Caution
This guide has been split into two guides, for Debian & Ubuntu and CentOS & Fedora.

This guide explains the creation of a self-signed SSL certificate, suitable for personal use or for applications used internally in an organization. The end product may be used with SSL-capable software such as web servers, email servers, or other server systems. We assume that you’ve followed the steps outlined in our getting started guide, and that you’re logged into your Linode as root via a shell session.

Installing OpenSSL

Issue the following command to install required packages for OpenSSL, the open source SSL toolkit.

Debian/Ubuntu users:

apt-get update
apt-get upgrade
apt-get install openssl
mkdir /etc/ssl/localcerts

CentOS/Fedora users:

yum install openssl
mkdir /etc/ssl/localcerts

Creating a Self-Signed Certificate

As an example, we’ll create a certificate that might be used to secure a personal website that’s hosted with Apache. Issue the following commands:

openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/ssl/localcerts/example.com.crt -keyout /etc/ssl/localcerts/example.com.key
chmod 600 /etc/ssl/localcerts/example.com*

Change example.com in the above commands to correspond to the domain you are generating the certificate for

You will be asked for several configuration values. Enter values appropriate for your organization and server, as shown here. This example will create a certificate valid for 365 days; you may wish to increase this value. We’ve specified the FQDN (fully qualified domain name) of the Linode for the “Common Name” entry, as this certificate will be used for generic SSL service. The -nodes flag instructs OpenSSL to create a certificate that does not require a passphrase. If this option is omitted, you will be required to enter a passphrase on the console to unlock the certificate each time the server application using it is restarted (most frequently, this will happen when you reboot your Linode).

Next Steps

Once your certificate has been generated, you will need to configure your web server to utilize the new certificate. Instructions for doing so with several popular platforms can be found at the links below:

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

Join our Community

Find answers, ask questions, and help others.

This guide is published under a CC BY-ND 4.0 license.