** The (self-signed) SSL certificate generated by the procedure mentioned in this article should be used for testing purposes only **
Generating an SSL certificate is very simple. All you need is the openssl package installed on your system. A key point to note here is that an SSL certificate contains a public key, which is always generated as a pair with a private key. Here is the step-by-step procedure to generate one:
Let's first generate a 2048-bit RSA private key.
openssl genrsa -out privkey.pem 2048
$ openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus
........................+++
................+++
unable to write 'random state'
e is 65537 (0x10001)
$ ls
privkey.pem
So, we have the private key in place. This will be used to generate the certificate.
If “unable to write ‘random state’” bothers you, then check this out for a possible solution: http://stackoverflow.com/a/94458
The self-signed certificate
A certificate can now be generated using the following command.
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
$ openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:XX
State or Province Name (full name) [Some-State]:XX
Locality Name (eg, city) :XX
Organization Name (eg, company) [Internet Widgits Pty Ltd]:XX
Organizational Unit Name (eg, section) :XX
Common Name (e.g. server FQDN or YOUR name) :XX
Email Address :XX
$ ls
cacert.pem privkey.pem
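These files can easily be tested by starting a test SSL/TLS server (s_server(1)) and connecting to it using a client (s_client(1)). The client needs only the certificate, never the server's private key; passing the certificate with -CAfile lets s_client verify the server against it.
$ openssl s_server -port <port> -cert /path/to/cacert.pem -key /path/to/privkey.pem
$ openssl s_client -host <server-host> -port <server-port> -CAfile /path/to/cacert.pem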
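The whole procedure as an added example (not code from the original article): it runs both steps without prompts, then checks that the certificate carries the public half of privkey.pem and that the key file is readable by its owner only. The subject /CN=test.example, the function names and the temporary work directory are assumptions for a test setup.

```shell
#!/bin/sh
# Added example, not from the article. Assumptions: the subject
# "/CN=test.example", the function names, and a throwaway work directory.

# make_test_cert DIR: the article's two steps, run without prompts.
make_test_cert() {
    dir=$1
    # umask 077 in a subshell: the private key is created owner-only (0600).
    ( umask 077; openssl genrsa -out "$dir/privkey.pem" 2048 2>/dev/null ) || return 1
    openssl req -new -x509 -key "$dir/privkey.pem" -out "$dir/cacert.pem" \
        -days 1095 -subj "/CN=test.example"
}

# cert_matches_key CERT KEY: true when the public key embedded in CERT is the
# public half of KEY (compares the two PEM-encoded public keys).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# is_self_signed CERT: true when CERT verifies with itself as the only
# trust anchor, i.e. it was signed by its own key.
is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# key_mode FILE: permission string of FILE as shown by ls, e.g. -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

# Demo run in a temporary directory that is removed afterwards.
workdir=$(mktemp -d) || exit 1
if make_test_cert "$workdir"; then
    cert_matches_key "$workdir/cacert.pem" "$workdir/privkey.pem" \
        && echo "cacert.pem carries the public half of privkey.pem"
    is_self_signed "$workdir/cacert.pem" && echo "cacert.pem is self-signed"
    echo "privkey.pem mode: $(key_mode "$workdir/privkey.pem")"
    openssl x509 -in "$workdir/cacert.pem" -noout -subject -dates
fi
rm -rf "$workdir"
```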
Reference : https://www.openssl.org/docs/HOWTO/