SSL certificate: How to create a self signed SSL certificate using a Linux server


What is an SSL certificate?

An SSL certificate (Secure Sockets Layer certificate) is also called a digital certificate. Using this certificate we can create a secure link between a website and a client's browser application such as Internet Explorer. With this secure link established, data that passes between the two nodes remains private and secure. This SSL encryption prevents unauthorized users from reading private information, such as credit card information, that passes through this connection.

There are two types of SSL certificate, based on the authenticating authority:

  • Self Signed SSL certificate
  • SSL certificate authorized by a third party CA (Certification Authority)

Steps to create a self signed SSL certificate using a Linux server:

[root@k8s-master ~]# yum install openssl -y
[root@k8s-master ~]# openssl genrsa -des3 -passout pass:x -out keypair.key 2048
[root@k8s-master ~]# ls -l

total 16
-rw-------. 1 root root 1234 Jul 11 13:13 anaconda-ks.cfg
-rw-r--r--. 1 root root 1751 Aug 24 11:14 keypair.key
-rw-r--r--. 1 root root 4775 Jul 19 06:04 temp.txt

[root@k8s-master ~]# mkdir /httpscertificate
[root@k8s-master ~]# openssl rsa -passin pass:x -in keypair.key -out /httpscertificate/20190824.key
[root@k8s-master ~]# ls -l /httpscertificate/

total 4
-rw-r--r--. 1 root root 1679 Aug 24 11:17 20190824.key

[root@k8s-master ~]# rm -f keypair.key

[root@k8s-master ~]# openssl req -new -key /httpscertificate/20190824.key -out /httpscertificate/20190824.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:KA
Locality Name (eg, city) [Default City]:Banglore
Organization Name (eg, company) [Default Company Ltd]:shiju
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:k8s-master
Email Address []:shiju3124@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[root@k8s-master ~]# ls -l /httpscertificate/

total 8
-rw-r--r--. 1 root root 1045 Aug 24 13:56 20190824.csr
-rw-r--r--. 1 root root 1679 Aug 24 11:17 20190824.key

Here the .key file is the private key, which should not be shared with anyone and should be kept safe on the web server. The .csr file will have our details including. The certificate .crt file will be created using both the .csr and .key files, as shown below:

[root@k8s-master ~]# openssl x509 -req -days 365 -in /httpscertificate/20190824.csr -signkey /httpscertificate/20190824.key -out /httpscertificate/20190824.crt

The .crt file is the certificate we will be sharing with the public.

[root@k8s-master ~]# cat /httpscertificate/20190824.crt

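
As an added example (not part of the original post), the shell functions below repeat the genrsa, req and x509 steps above in a directory of your choosing and then check the result: that the certificate carries the key's public key, that subject and issuer are the same name, and that the key file is not readable by group or others, unlike the -rw-r--r-- shown for 20190824.key in the listing above. The file names server.key, server.csr and server.crt and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example; server.key/.csr/.crt and the CN are constructed names.

# Run the page's genrsa -> req -> x509 steps in directory $1 for hostname $2.
make_selfsigned() {
    dir=$1; cn=$2
    old_umask=$(umask)
    umask 077    # files created below are readable by their owner only
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" &&
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    rc=$?
    umask "$old_umask"
    return $rc
}

# True when the certificate ($2) carries the public key of the private key ($1).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when subject and issuer are the same name, as in a self-signed cert.
subject_equals_issuer() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# True when group and others have no permission bits on the key file.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}
```

A key listed as -rw-r--r-- fails key_is_private until it is tightened with chmod 600.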