December 20, 2011

Self Signed SSL Certificate

Hi! This is a quick guide to generating a self-signed SSL certificate. Such a certificate is usually used to enable HTTPS on a local web server. In my example, I need PHPMyAdmin to be available over HTTPS.




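Let's get started. First, create an RSA key. The command below gives no key size, so this OpenSSL build falls back to its default, which the output reports as 512 bits. That is far too small for anything beyond a throwaway test; append the size in bits (for example 2048) as the last argument to get a stronger key.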

$ openssl genrsa -des3 -out server.key
Generating RSA private key, 512 bit long modulus
....++++++++++++
...................................................++++++++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: KUNCINYA
Verifying - Enter pass phrase for server.key: KUNCINYA

Please remember the pass phrase that you typed. Next, create a Certificate Signing Request (CSR).

$ openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: KUNCINYA
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:DKI
Locality Name (eg, city) []:Jakarta
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ARDHYWWW        
Organizational Unit Name (eg, section) []:Development
Common Name (eg, YOUR name) []:Ardhy
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

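Then, create a backup of server.key as server.key.org, then remove the pass phrase from the key. This is usually done so that Apache does not ask for the pass phrase each time it is started. The resulting server.key is unencrypted, so keep it readable only by the user the web server runs as.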

$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
Enter pass phrase for server.key.org: KUNCINYA
writing RSA key

OK! Next, self-sign the CSR.

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=ID/ST=DKI/L=Jakarta/O=ARDHYWWW/OU=Development/CN=Ardhy
Getting Private key

Now, install it in the Nginx or Apache SSL configuration file.
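
The same three steps (key, CSR, self-sign) without prompts, followed by checks worth running before the files go into the web server configuration. This is an added example, not part of the original post: the function names, the 2048-bit size and the host name placed in both CN and subjectAltName are assumptions, and the pass phrase is skipped because the post removes it anyway.

```shell
#!/bin/sh
# Added example, not from the original post. Host name, output directory
# and the 2048-bit key size are assumptions chosen for illustration.

# Key, CSR and self-signed certificate in one directory, no prompts.
make_selfsigned() (
    host=$1 dir=$2
    umask 077                      # new files readable by the owner only
    mkdir -p "$dir" && cd "$dir" || exit 1
    cat > req.cnf <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $host
[ext]
subjectAltName = DNS:$host
EOF
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -key server.key -config req.cnf -out server.csr &&
    openssl x509 -req -days 365 -in server.csr -signkey server.key \
        -extfile req.cnf -extensions ext -out server.crt 2>/dev/null
)

# RSA modulus size in bits, read from the certificate itself.
cert_key_bits() {
    m=$(openssl x509 -noout -modulus -in "$1" | cut -d= -f2)
    echo $(( ${#m} * 4 ))
}

# Succeeds only if the certificate was issued for this private key.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeeds only if the certificate lists the host in subjectAltName.
cert_names_host() {
    openssl x509 -noout -text -in "$1" | grep -q "DNS:$2"
}
```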