How to Create a Self-Signed SSL Certificate

You can test SSL deployment by generating a self-signed SSL certificate. Keep in mind that self-signed certificates are not recognized as valid by any browser.

You only need to generate your own self-signed SSL certificates if you are using subdomains and wildcard domains. For everything else, you can use ServerPilot's AutoSSL feature.

First, create an SSL key and CSR by running the following commands on your server:

mkdir -p ~/certs/YOUR_DOMAIN_NAME
cd ~/certs/YOUR_DOMAIN_NAME
(umask 077 && touch ssl.key)
openssl req -new -newkey RSA:2048 -nodes -keyout ssl.key -out ssl.csr

You will be prompted to answer a few questions. There are two questions that are critical to answer correctly:

  1. Common name: Your domain name, for example foo.com. You generally should not include the www. prefix, because your Certificate Authority should make the certificate work both with and without www. Check with your Certificate Authority to confirm.
  2. Password: Do not enter a password or challenge phrase. Just hit enter when you're asked for a password.

When done, you will have a directory called certs/YOUR_DOMAIN_NAME in your home directory that contains two files:

  1. ssl.key—This file contains your SSL private key. Don't lose it!
  2. ssl.csr—This file contains your Certificate Signing Request.

Once you have your CSR, run the following command to create a self-signed certificate:

openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt

Your self-signed SSL certificate will be in the file ssl.crt.
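
The steps above as one non-interactive script, added here as an example and not ServerPilot's own code: it passes the Common Name with -subj instead of answering prompts, adds a subjectAltName extension for the domain and its wildcard (an addition the page does not make; current browsers match hostnames against subjectAltName rather than the Common Name), and then checks the result. The function names and the san.ext file are hypothetical.

```shell
#!/bin/sh
# Added example, not ServerPilot's code. Function names are hypothetical.
set -e

# make_self_signed DOMAIN [DIR]: create ssl.key, ssl.csr and ssl.crt in DIR.
make_self_signed() {
    domain=$1
    dir=${2:-"$HOME/certs/$domain"}
    mkdir -p "$dir" || return 1
    (
        cd "$dir" &&
        umask 077 &&    # every file written below is created owner-only (0600)
        # -subj supplies the Common Name, so openssl asks no questions.
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout ssl.key -out ssl.csr -subj "/CN=$domain" &&
        # Assumption beyond the page: add SANs for the domain and its wildcard.
        printf 'subjectAltName = DNS:%s, DNS:*.%s\n' "$domain" "$domain" > san.ext &&
        openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key \
            -extfile san.ext -out ssl.crt &&
        rm -f san.ext
    )
}

# key_matches_cert DIR: succeed only if ssl.crt carries the public key of ssl.key.
key_matches_cert() {
    cert_mod=$(openssl x509 -noout -modulus -in "$1/ssl.crt") || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$1/ssl.key") || return 1
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# key_is_private DIR: succeed only if ssl.key is readable by its owner alone.
key_is_private() {
    [ "$(ls -l "$1/ssl.key" | cut -c1-10)" = "-rw-------" ]
}

# cert_has_san DIR NAME: succeed if NAME is listed as a DNS subjectAltName.
cert_has_san() {
    openssl x509 -noout -text -in "$1/ssl.crt" | grep -F -q "DNS:$2"
}

# Run as: sh make-cert.sh foo.com  (writes to ~/certs/foo.com, as on the page)
if [ "$#" -ge 1 ]; then
    make_self_signed "$1" &&
    key_matches_cert "$HOME/certs/$1" &&
    key_is_private "$HOME/certs/$1" &&
    echo "ok: $HOME/certs/$1/ssl.crt matches ssl.key"
fi
```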