Create self-signed certificates using OpenSSL
To create a self-signed certificate using OpenSSL:
- Locate the OpenSSL CA.pl file in the bin folder within the OpenSSL folder. This file is required to create a dummy CA certificate file.
- Create a temporary directory to store the certificates and navigate to it in the command line.
- Run the following command for your operating system. Edit the path as required.
  - Linux:
        /usr/lib/ssl/misc/CA.pl -newca
  - Windows:
        C:\OpenSSL-Win32\bin\CA.pl -newca
  This creates demoCA/cacert.pem (CA Certificate) and demoCA/private/cakey.pem (private key).
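- Run the following command to make a server certificate signing request (CSR):
        openssl req -newkey rsa:2048 -nodes -keyout newreq.pem -out newreq.pem
  Common Name is the fully qualified domain name (FQDN) of your server. This must match the host name of the server.
  The -nodes option leaves the private key unencrypted, and because -keyout and -out name the same file, newreq.pem holds both the private key and the CSR.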
- Run the following command for your operating system. Edit the path as required.
  - Linux:
        /usr/lib/ssl/misc/CA.pl -sign
  - Windows:
        C:\OpenSSL-Win32\bin\CA.pl -sign
  You should have the following files:
  - cacert.pem
  - newreq.pem
  - newcert.pem
- Rename the following files:
  - Rename newreq.pem to serverkey.pem.
  - Rename newcert.pem to servercert.pem.
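
The following script checks the files produced by the steps above before they are deployed. It is an added example, not part of the original page; the function name check_server_cert is hypothetical, and it assumes an openssl binary recent enough to support pkey and -checkhost (1.0.2 or later).

```shell
#!/bin/sh
# Added example (not from the original page): checks on the files from the steps above.
# check_server_cert is a hypothetical helper name; the host name is supplied by you.
# Usage: check_server_cert <cacert.pem> <servercert.pem> <serverkey.pem> <server FQDN>
check_server_cert() {
    ca=$1; cert=$2; key=$3; host=$4
    rc=0

    # 1. The server certificate must verify against the CA made by CA.pl -newca.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2; rc=1
    fi

    # 2. Certificate and private key must be a pair: their public keys must be equal.
    #    serverkey.pem also contains the CSR; openssl pkey reads only the key block.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert" >&2; rc=1
    fi

    # 3. The Common Name must match the server's host name (-checkhost falls back
    #    to the CN when the certificate has no subjectAltName).
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: $cert is not valid for host $host" >&2; rc=1
    fi

    # 4. The key was written with -nodes (unencrypted), so file permissions are its
    #    only protection: fail if group or others can read it.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "FAIL: $key is readable by group or others" >&2; rc=1
    fi

    return "$rc"
}

# Run the checks when the four arguments are given on the command line.
if [ "$#" -eq 4 ]; then
    check_server_cert "$@"
fi
```

The function returns 0 only when all four checks pass; each failed check prints one FAIL line to standard error.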