Skip to main content

Create a Self-Signed SSL Certificate

If you do not have a local CA, you can create a self-signed certificate. An example implementation is shown below.

To create a self-signed SSL certificate:

  1. Generate your private key:

     openssl genrsa -des3 -out csi.key 2048

  2. Generate a Certificate Signing Request (CSR). Fill in the questions with the appropriate values – remember Common Name (CN) should match the hostname of your server:

     openssl req -new -key csi.key -out csi.csr

  3. Sign your certificate:

     openssl x509 -req -days 365 -in csi.csr -signkey csi.key -out csi.crt

  4. Remove password from your key, so httpd will start without prompting for it:

     mv csi.key csi.key.secure
     openssl rsa -in csi.key.secure -out csi.key

  5. Copy the files to the proper locations:

     cp csi.key /etc/pki/tls/private/
     cp csi.crt /etc/pki/tls/certs/