Generate Self-Signed SSL Certificate with OpenSSL

From Bonus Bits

Purpose

This article gives the steps to generate a self-signed SSL/TLS certificate with OpenSSL on Linux for a web site.


Prerequisites

  • openssl


GitLab Nginx Example

  1. Create Private Key
    sudo openssl genrsa -des3 -out /etc/gitlab/ssl/gitlab.domain.com.key 2048
    
    1. Enter a pass phrase and remember it for later
  2. Create Certificate Request
    sudo openssl req -new -key /etc/gitlab/ssl/gitlab.domain.com.key -out /etc/gitlab/ssl/gitlab.domain.com.csr
    
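    OR use one combined command to create the private key and the request (-nodes writes the key without a pass phrase, so step 3 is not needed)
    sudo openssl req -nodes -newkey rsa:2048 -keyout /etc/gitlab/ssl/gitlab.domain.com.key -out /etc/gitlab/ssl/gitlab.domain.com.csr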
    
    1. Enter Country Name US
    2. Enter State or Province Full Name
    3. Enter City Name
    4. Enter Organization Name
    5. Enter Company Name
    6. Enter Organizational Unit Name
    7. Enter the server hostname as used in the URL, e.g. gitlab.domain.com
    8. Enter Admin Email Address
    9. Skip Challenge Password (Hit Enter)
    10. Skip Optional Company Name (Hit Enter)
  3. Remove Pass Phrase from Private Key
    sudo cp -v /etc/gitlab/ssl/gitlab.domain.com.{key,original}
    
    sudo openssl rsa -in /etc/gitlab/ssl/gitlab.domain.com.original -out /etc/gitlab/ssl/gitlab.domain.com.key
    
    sudo rm -v /etc/gitlab/ssl/gitlab.domain.com.original
    
  4. Create Certificate
    sudo openssl x509 -req -days 1460 -in /etc/gitlab/ssl/gitlab.domain.com.csr -signkey /etc/gitlab/ssl/gitlab.domain.com.key -out /etc/gitlab/ssl/gitlab.domain.com.crt
    
  5. Remove Certificate Request File
    sudo rm -v /etc/gitlab/ssl/gitlab.domain.com.csr
    
  6. Set file permissions
    sudo chmod 600 /etc/gitlab/ssl/gitlab.domain.com.*
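
The steps above as one non-interactive function, followed by the checks worth running before Nginx is pointed at the files. This is an added example, not part of the original article; the function names, the `-subj` value and the 30-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article; it writes only into the DIR it is given.

# make_selfsigned DIR HOST: the steps above without prompts. -subj (an addition)
# answers the step 2 questions; -nodes writes the key without a pass phrase.
make_selfsigned() {
    dir=$1; host=$2
    openssl req -nodes -newkey rsa:2048 -subj "/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null || return 1
    openssl x509 -req -days 1460 -in "$dir/$host.csr" \
        -signkey "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null || return 1
    rm -f "$dir/$host.csr"
    chmod 600 "$dir/$host.key" "$dir/$host.crt"
}

# check_pair KEY CRT: prints each failed check, returns non-zero if any failed.
check_pair() {
    key=$1; crt=$2; rc=0
    # Step 3: a key that still has a pass phrase cannot be loaded unattended.
    if grep -q ENCRYPTED "$key"; then echo "key is still encrypted"; rc=1; fi
    # The certificate must carry the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || kpub=
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cpub=
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "key does not match certificate"; rc=1
    fi
    # Self-signed: subject and issuer are the same name.
    subj=$(openssl x509 -in "$crt" -noout -subject 2>/dev/null) || subj=
    issr=$(openssl x509 -in "$crt" -noout -issuer 2>/dev/null) || issr=
    if [ -z "$subj" ] || [ "${subj#subject=}" != "${issr#issuer=}" ]; then
        echo "subject and issuer differ"; rc=1
    fi
    # Warn before the validity set by -days runs out (30 days = 2592000 s).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "certificate expires within 30 days"; rc=1; }
    # Step 6: the key must be readable and writable by its owner only.
    case $(ls -ld "$key") in
        -rw-------*) ;;
        *) echo "key permissions are not 600"; rc=1 ;;
    esac
    return $rc
}

# Demo in a throwaway directory: sh example.sh demo
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_selfsigned "$d" gitlab.domain.com &&
        check_pair "$d/gitlab.domain.com.key" "$d/gitlab.domain.com.crt"
    rm -rf "$d"
fi
```

To check the files produced by the steps above, run `check_pair` as root against the `.key` and `.crt` in /etc/gitlab/ssl.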