Tutorial: How to Generate A Self Sign Cert with OpenSSL on CENTOS
What is openSSL and SSL, and why should you care?
The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols as well as a full-strength general purpose cryptography library.
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser; or a mail server and a mail client.
Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information. SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely.
It’s pretty much straight forward, and easy to generate as illustrated below.
| #Verfiy opensssl is installed | |
| rpm -qa | grep -i openssl | |
| #If it's not installed | |
| yum install openssl openssl-devel | |
| #Generate RSA key | |
| openssl genrsa -out domain.com.key 2048 | |
| #Create CSR | |
| openssl req -new -sha256 -key domain.com.key -out domain.com.csr | |
| #Varify CSR | |
| openssl req -noout -text -in domain.com.csr | |
| # Generate Self Signed Key | |
| openssl x509 -req -days 365 -in domain.com.csr -signkey domain.com.key -out domain.com.crt | |
| #Installation on APACHE | |
| <VirtualHost *:443> | |
| ServerName www.domain.com | |
| DocumentRoot /path/to/htdocs | |
| SSLEngine ON | |
| SSLCertificateFile /etc/pki/tls/certs/domain.com.crt | |
| SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key | |
| #SSLCertificateChainFile /etc/pki/tls/certs/domain.com-chain.crt | |
| ErrorLog logs/ssl.domain.com.error_log | |
| CustomLog logs/ssl.domain.com.access_log combined | |
| </VirtualHost> |