Generate Self-Signed SSL Certificate with OpenSSL

From Bonus Bits


This article gives the steps to generate a self-signed SSL/TLS certificate with OpenSSL on Linux for a web site.


  • openssl

GitLab Nginx Example

  1. Create Private Key
    sudo openssl genrsa -des3 -out /etc/gitlab/ssl/ 2048
    1. Enter a pass phrase and remember it for later
  2. Create Certificate Request
    sudo openssl req -new -key /etc/gitlab/ssl/ -out /etc/gitlab/ssl/
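    OR use the combined command to create the private key and request in one step (-nodes writes the key without a pass phrase, so step 3 is not needed)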
    openssl req -nodes -newkey rsa:2048 -keyout -out
    1. Enter Country Name US
    2. Enter State or Province Full Name
    3. Enter City Name
    4. Enter Organization Name
    5. Enter Company Name
    6. Enter Organizational Unit Name
    7. Enter server hostname i.e. URL
    8. Enter Admin Email Address
    9. Skip Challenge Password (Hit Enter)
    10. Skip Optional Company Name (Hit Enter)
  3. Remove Pass Phrase from Private Key
    sudo cp -v /etc/gitlab/ssl/{key,original}
    sudo openssl rsa -in /etc/gitlab/ssl/ -out /etc/gitlab/ssl/
    sudo rm -v /etc/gitlab/ssl/
  4. Create Certificate
    sudo openssl x509 -req -days 1460 -in /etc/gitlab/ssl/ -signkey /etc/gitlab/ssl/ -out /etc/gitlab/ssl/
  5. Remove Certificate Request File
    sudo rm -v /etc/gitlab/ssl/
  6. Set file permissions
    sudo chmod 600 /etc/gitlab/ssl/*
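
The procedure above, run non-interactively and then checked, as an added example that is not part of the original article. The file names (`<host>.key`, `<host>.csr`, `<host>.crt`), the temporary directory, the host name `gitlab.example.test` and the use of `-subj` in place of the prompts are assumptions; it expects Linux with `openssl` and GNU or BusyBox `stat`.

```shell
#!/bin/sh
# Added example: file names, temp directory and host name are assumptions;
# the article's own file names are not shown on the page.

# Steps 1-2 (combined form), 4, 5 and 6 of the procedure, without prompts.
make_selfsigned() {  # usage: make_selfsigned DIR HOST
    dir=$1 host=$2
    # -nodes writes the key without a pass phrase, so step 3 is not needed;
    # -subj replaces the interactive prompts (only the hostname/CN is set).
    openssl req -nodes -newkey rsa:2048 -subj "/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1460 -in "$dir/$host.csr" \
        -signkey "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null || return 1
    rm -f "$dir/$host.csr"
    chmod 600 "$dir/$host.key" "$dir/$host.crt"
}

# Prints one problem per line; prints nothing when every check passes.
check_selfsigned() {  # usage: check_selfsigned DIR HOST
    key=$1/$2.key crt=$1/$2.crt
    # The key and the certificate must carry the same public key.
    p=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    { [ -n "$p" ] && [ "$p" = "$c" ]; } || echo "key/cert mismatch"
    # Self-signed: subject and issuer are identical.
    s=$(openssl x509 -in "$crt" -noout -subject)
    i=$(openssl x509 -in "$crt" -noout -issuer)
    [ "${s#subject=}" = "${i#issuer=}" ] || echo "not self-signed"
    # Lifetime of 1460 days: still valid after 1459 days, expired after 1461.
    openssl x509 -in "$crt" -noout -checkend $((1459*86400)) >/dev/null || echo "expires too early"
    openssl x509 -in "$crt" -noout -checkend $((1461*86400)) >/dev/null && echo "valid too long"
    # Step 6: only the owner may read or write the files.
    for f in "$key" "$crt"; do
        [ "$(stat -c %a "$f")" = 600 ] || echo "bad mode on $f"
    done
    return 0
}

demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" gitlab.example.test
problems=$(check_selfsigned "$demo_dir" gitlab.example.test)
echo "problems found: ${problems:-none}"
rm -rf "$demo_dir"
```

The key/certificate comparison is the check to repeat whenever the files are copied or regenerated, since a mismatched pair is what typically stops the web server from starting.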