How to create a self-signed SSL certificate using OpenSSL?
Jul 03, 2025 am 12:30 AM
The key steps to create a self-signed SSL certificate are as follows: 1. Generate the private key, use the command openssl genrsa -out selfsigned.key 2048 to generate a 2048-bit RSA private key file, optional parameter -aes256 to achieve password protection; 2. Create a certificate request (CSR), run openssl req -new -key selfsigned.key -out selfsigned.csr and fill in the relevant information, especially the "Common Name" field; 3. Generate the certificate by self-signed, and use openssl x509 -req -days 365 -in selfsigned.csr -signkey selfsigned.key -out selfsigned.crt issuing a certificate with a validity period of 365 days; 4. Configure the service to use the certificate, configure the generated selfsigned.crt and selfsigned.key to the server such as Nginx, and restart the service to enable HTTPS, but the browser may prompt that the certificate is not trusted and needs to be added manually.
Creating a self-signed SSL certificate is not difficult, but it requires following the correct steps. If you're just using it for testing or internal use, a self-signed certificate is a quick and free option.
Here are a few key steps to create a self-signed SSL certificate using OpenSSL:
Generate a private key
First you need a private key, which is the basis of the certificate. You can use the following command to generate a 2048-bit RSA private key:
openssl genrsa -out selfsigned.key 2048
This command will generate a file called selfsigned.key , which is your private key. Note: This document must be kept well and cannot be disclosed.
If you want to encrypt this private key (such as adding password protection), you can add a parameter to the command:
openssl genrsa -aes256 -out selfsigned.key 2048
This way, you need to enter a password every time you use the private key, which is more secure, but it is also more troublesome.
Create a Certificate Request (CSR)
Next, create a certificate signing request (CSR). Although you end up signing yourself, this step is still necessary. Run the following command:
openssl req -new -key selfsigned.key -out selfsigned.csr
During the execution process, you will be prompted to fill in some information, such as the country, organization name, common name (usually domain name), etc. The most important of these is "Common Name", which should be the domain name you want to use, such as localhost or test.example.com .
These information will be written into the certificate, so please fill it in carefully.
Self-signed certificate generation
With the private key and CSR, you can start generating a self-signed certificate. run:
openssl x509 -req -days 365 -in selfsigned.csr -signkey selfsigned.key -out selfsigned.crt
The meaning of this command is: use the CSR and private key you just generated, and issue a certificate with a validity period of 365 days, and the output file is selfsigned.crt .
Now you have the complete certificate and private key that can be used in local testing environments or intranet services.
Configure the service usage certificate
After you get the certificate, the next step is to configure it to your server. For example, in Nginx, you can set it like this:
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /path/to/selfsigned.crt;
ssl_certificate_key /path/to/selfsigned.key;
}After restarting Nginx, you can access it via HTTPS. The browser may prompt the certificate to be untrusted because it is self-signed and not issued by an authoritative authority. But in a test environment this usually does not affect usage.
If used in mobile applications or in certain clients, you may also need to manually add the certificate to the trust list.
Basically these are the steps. It looks a bit more, but every step is straightforward. Just be careful not to make the file path wrong and fill in the domain name correctly. Generally, there will be no problems.
The above is the detailed content of How to create a self-signed SSL certificate using OpenSSL?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to use Nginx to dynamically load and update SSL certificates
Aug 02, 2023 am 09:05 AM
Overview of how to use Nginx to dynamically load and update SSL certificates: In the environment of the modern Internet, protecting the security of user data is crucial. Among them, using SSL/TLS certificates to encrypt communication with web servers is a common method. However, the traditional method requires manually modifying the Nginx configuration file and reloading the server, which will cause downtime for the website when the certificate is updated. This article will introduce how to use Nginx modules and scripts to dynamically load and update SSL certificates to improve network performance.
How Nginx uses the OpenSSL library for more secure communication
Jun 10, 2023 pm 01:51 PM
Nginx is a software widely used in web servers, load balancers, reverse proxies and caches. During network transmission, data encryption and security have received increasing attention. In order to improve the security of communication, the OpenSSL library can be used to implement the SSL/TLS protocol to protect the transmission of sensitive data. This article will explain how to use Nginx and the OpenSSL library to achieve more secure communication. Install and configure the OpenSSL library. First, you need to install the OpenSSL library on the server. Can make
How to generate a MySQL SSL certificate using OpenSSL
Sep 09, 2023 pm 02:12 PM
Introduction to how to use OpenSSL to generate a MySQL SSL certificate: MySQL is a widely used relational database system. It is very important to use the SSL (SecureSocketsLayer) protocol for encrypted communication in actual production environments. This article will introduce how to use the OpenSSL tool to generate a MySQL SSL certificate and provide corresponding code examples. Steps: Install OpenSSL: First, make sure you have OpenSSL installed on your computer
OpenBLAS installation under CentOS 7 and CentOS 7 OpenSSL installation
Feb 10, 2024 am 11:45 AM
As an open source operating system, LINUX has a wide range of applications and user groups. CentOS7 is a branch version of LINUX. It is built based on the RedHat Enterprise Linux (RHEL) source code and has a high degree of stability and security. It can be installed and configured on CentOS7 OpenBLAS and OpenSSL are common needs of many developers and system administrators. This article will detail how to install and configure OpenBLAS and OpenSSL on CentOS7. OpenBLAS is an open source high-performance mathematics library based on the BLAS (BasicLinearAlgebraSubprograms) interface.
How to install an SSL certificate on IIS and solve the problem of PHP not getting data
Mar 09, 2024 pm 05:09 PM
Install an SSL certificate on IIS and solve the problem that PHP cannot obtain data. In website development, it is very important to use SSL certificates to ensure the security of data transmission. On the Windows platform, IIS (Internet Information Services) is a commonly used web server software. This article will introduce how to install an SSL certificate on IIS and solve the problem that PHP cannot obtain data. 1. Install SSL certificate 1.1 Purchase SSL certificate, usually you will get
What should I do if Windows cannot find the certificate?
Oct 17, 2023 am 11:30 AM
Solution: 1. Check whether the certificate is installed correctly; 2. Check the integrity of the certificate chain; 3. Check the revoked status of the certificate; 4. Check the permission settings of the certificate storage area; 5. Update the operating system and applications.
How to use Pagoda Panel to renew and update SSL certificates
Jun 21, 2023 pm 03:14 PM
With the continuous improvement of network security awareness, more and more websites are beginning to enable SSL certificates. SSL certificates can ensure the safety and reliability of data transmission between the website and users through digital encryption technology. However, SSL certificates also need to be renewed or updated regularly. This article will introduce how to use the Pagoda Panel to renew and update SSL certificates. Log in to the Pagoda Panel First, open your Pagoda Panel URL, enter your username and password to log in to the Pagoda Panel. Enter the SSL certificate management page. Find the "SSL" icon on the homepage of the panel and click it.
How to perform encryption and decryption in OpenSSL basics
May 22, 2023 am 09:20 AM
Speaking of OpenSSL, the first thing to mention is SSL. When we use the Internet every day, I am afraid that no one wants to be monitored by others on the Internet. Therefore, a protocol is needed to protect our network communications. The SSL protocol was developed based on this working background. It can prevent the communication between the user and the server application from being eavesdropped by attackers, and always authenticate the server and optionally authenticate the user. SSL protocols are usually built on top of the reliable Transport Layer Protocol (TCP). The advantage of the SSL protocol is that it is independent of application layer protocols. High-level application layer protocols (such as HTTP, FTP, TELNET, etc.) can be transparently built on the SSL protocol. SSL protocol in application
