{"id":866,"date":"2019-08-24T18:12:54","date_gmt":"2019-08-24T18:12:54","guid":{"rendered":"http:\/\/shijuvarghese.com\/?p=866"},"modified":"2021-09-30T06:04:14","modified_gmt":"2021-09-30T06:04:14","slug":"ssl-certificate-how-to-create-a-self-signed-ssl-certificate-using-a-linux-server","status":"publish","type":"post","link":"http:\/\/shijuvarghese.com\/?p=866","title":{"rendered":"SSL certificate: How to create a self signed SSL certificate using a Linux server"},"content":{"rendered":"<p><strong>What is an SSL certificate?<\/strong><\/p>\n<p>An SSL Certificate (a Secure Sockets Layer certificate) is also called a Digital Certificate. Using this certificate, we can create a secure link between a website and a client&#8217;s browser application such as Internet Explorer. Once this secure link is established, data that passes between the two nodes remains private and secure. This SSL encryption prevents unauthorized users from reading private information, such as credit card information, that passes through this connection.<\/p>\n<p><span style=\"text-decoration: underline;\"><b>Two types of SSL certificate, based on authentication\u00a0authority:<\/b><\/span><\/p>\n<ul>\n<li>Self Signed SSL certificate<\/li>\n<li>SSL certificate authorized by a third party CA (Certification Authority)<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Steps\u00a0to create a self signed SSL certificate using a Linux server:<\/strong><\/span><\/p>\n<p>[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>yum install openssl -y<\/strong><\/span><br \/>\n[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>openssl genrsa -des3 -passout pass:x -out keypair.key 2048<\/strong><\/span><br \/>\n[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>ls -l<\/strong><\/span><\/p>\n<p style=\"padding-left: 30px;\">total 16<br \/>\n-rw-------. 1 root root 1234 Jul 11 13:13 anaconda-ks.cfg<br \/>\n-rw-r--r--. 
1 root root 1751 Aug 24 11:14 keypair.key<br \/>\n-rw-r--r--. 1 root root 4775 Jul 19 06:04 temp.txt<\/p>\n<p>[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>mkdir \/httpscertificate<\/strong><\/span><br \/>\n[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>openssl rsa -passin pass:x -in keypair.key -out \/httpscertificate\/20190824.key<\/strong><\/span><br \/>\n[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>ls -l \/httpscertificate\/<\/strong><\/span><\/p>\n<p style=\"padding-left: 30px;\">total 4<br \/>\n-rw-r--r--. 1 root root 1679 Aug 24 11:17 20190824.key<\/p>\n<p>[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>rm -f keypair.key<\/strong><\/span><\/p>\n<p>[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>openssl req -new -key \/httpscertificate\/20190824.key -out \/httpscertificate\/20190824.csr<\/strong><\/span><\/p>\n<p style=\"padding-left: 30px;\">You are about to be asked to enter information that will be incorporated<br \/>\ninto your certificate request.<br \/>\nWhat you are about to enter is what is called a Distinguished Name or a DN.<br \/>\nThere are quite a few fields but you can leave some blank<br \/>\nFor some fields there will be a default value,<br \/>\nIf you enter '.', the field will be left blank.<br \/>\n-----<br \/>\nCountry Name (2 letter code) [XX]:IN<br \/>\nState or Province Name (full name) []:KA<br \/>\nLocality Name (eg, city) [Default City]:Banglore<br \/>\nOrganization Name (eg, company) [Default Company Ltd]:shiju<br \/>\nOrganizational Unit Name (eg, section) []:IT<br \/>\nCommon Name (eg, your name or your server's hostname) []:k8s-master<br \/>\nEmail Address []:shiju3124@gmail.com<\/p>\n<p style=\"padding-left: 30px;\">Please enter the following 'extra' attributes<br \/>\nto be sent with your certificate request<br \/>\nA challenge password []:<br \/>\nAn optional company name 
[]:<\/p>\n<p>[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>ls -l \/httpscertificate\/<\/strong><\/span><\/p>\n<p style=\"padding-left: 30px;\">total 8<br \/>\n-rw-r--r--. 1 root root 1045 Aug 24 13:56 20190824.csr<br \/>\n-rw-r--r--. 1 root root 1679 Aug 24 11:17 20190824.key<\/p>\n<p>Here the <strong>.key<\/strong> file is the private key, which should not be shared with anyone and must be kept safe on the web server. The\u00a0<strong>.csr<\/strong> file will have our details including.\u00a0 The certificate\u00a0<strong>.crt<\/strong> file will be created using both the .csr and .key files, as shown below:<\/p>\n<p>[root@k8s-master ~]# <span style=\"color: #808080;\"><strong>openssl x509 -req -days 365 -in \/httpscertificate\/20190824.csr -signkey \/httpscertificate\/20190824.key -out \/httpscertificate\/20190824.crt<\/strong><\/span><\/p>\n<p><span style=\"color: #000000;\">The .crt file is the certificate we will be sharing with the public.<\/span><\/p>\n<p><span style=\"color: #000000;\">[root@k8s-master ~]#<\/span> <span style=\"color: #808080;\"><strong>cat \/httpscertificate\/20190824.crt<\/strong><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>What is an SSL certificate? An SSL Certificate (a Secure Sockets Layer certificate) is also called a Digital Certificate. 
Using this certificate we can <a class=\"mh-excerpt-more\" href=\"http:\/\/shijuvarghese.com\/?p=866\" title=\"SSL certificate: How to create a self signed SSL certificate using a Linux server\">[&#8230;]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":260,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,28],"tags":[],"class_list":["post-866","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-ssl-connection"],"_links":{"self":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts\/866","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=866"}],"version-history":[{"count":7,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts\/866\/revisions"}],"predecessor-version":[{"id":928,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/posts\/866\/revisions\/928"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=\/wp\/v2\/media\/260"}],"wp:attachment":[{"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=866"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=866"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/shijuvarghese.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=866"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}