How to Create Self-Signed SSL Certificates on Ubuntu 20.04 | 18.04

This brief tutorial shows students and new users how to set up self-signed SSL certificates on Ubuntu 20.04 | 18.04.

Self-signed certificates are mostly used internally within labs or business environments where the certificates are created by a person or company and not a trusted third-party.

Although these certificates are not issued by a trusted third-party certificate authority (CA), they provide the same level of encryption as trusted certificates.

A self-signed certificate used to protect a resource will trigger a warning in all web browsers that the certificate can’t be trusted.

The openssl toolkit is required to generate a self-signed certificate.

Make sure the openssl toolkit is installed. To check, run the command below:

openssl version

That should display an output similar to the one below:

OpenSSL 1.1.1f 31 Mar 2020

If the package isn’t installed, simply run the command below to install it.

sudo apt install openssl

To create a self-signed certificate, run the command below:

openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out example.crt -keyout example.key

Details of the command above:

  • -newkey rsa:4096 – creates a new certificate request and a new 4096-bit RSA key. The default is 2048 bits.
  • -x509 – outputs a self-signed X.509 certificate instead of a certificate request.
  • -sha256 – use 256-bit SHA (Secure Hash Algorithm)
  • -days 3650 – the number of days the certificate is valid for. 3650 is about 10 years; 365 is 1 year.
  • -nodes – creates a key without a passphrase (the private key is written to disk unencrypted).
  • -out example.crt – specifies the filename of the certificate
  • -keyout example.key – specifies the filename of the private key

Once you press Enter, the certificate generation process should start.

After that, the certificate file and key should be created.

Enter the certificate information when prompted.

Generating a RSA private key
....................................................................................................................................................................................................................................................................++++
.............................................................++++
writing new private key to 'example.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:Brooklyn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example, Inc
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:it@example.com

The certificate file and key are created and ready to use.

If you want to do the same thing as above but without the prompts for the certificate details, simply run the command below:

openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out example.crt -keyout example.key -subj "/C=US/ST=New York/L=Brooklyn/O=Example, Inc./OU=IT/CN=example.com"

The details of the subject line:

C =  Country name. The two-letter ISO abbreviation.
ST = State or Province name.
L =  Locality Name. The name of the city where you are located.
O =  The full name of your organization.
OU = Organizational Unit.
CN = The fully qualified domain name.
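
One way to check the result, as an added example that is not part of the original post: the functions below (hypothetical names) run the non-interactive command above and then confirm that the key matches the certificate, that the certificate is self-signed, and that it is still valid a given number of seconds from now. Because -nodes leaves the key unencrypted, the key file is restricted to its owner.

```shell
#!/bin/sh
# Added example: generate the certificate non-interactively, then verify it.
# Function names are illustrative; file names and subject come from the post.
# Usage: make_cert . && pubkey_match example.crt example.key \
#            && is_self_signed example.crt && valid_for example.crt 86400

# make_cert DIR [BITS] [DAYS]: run the openssl req command from the post.
make_cert() {
    dir=$1; bits=${2:-4096}; days=${3:-365}
    openssl req -newkey "rsa:$bits" -x509 -sha256 -days "$days" -nodes \
        -out "$dir/example.crt" -keyout "$dir/example.key" \
        -subj "/C=US/ST=New York/L=Brooklyn/O=Example, Inc./OU=IT/CN=example.com" \
    && chmod 600 "$dir/example.key"   # -nodes: key has no passphrase, keep it owner-only
}

# pubkey_match CRT KEY: succeed only if CRT contains the public half of KEY.
pubkey_match() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# is_self_signed CRT: subject equals issuer and the signature verifies
# against the certificate's own public key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ] \
        && openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# valid_for CRT SECONDS: succeed if CRT has not expired SECONDS from now.
valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}
```

A failed pubkey_match is the usual cause of a web server refusing to start with a "key values mismatch" error after the wrong .key file is paired with a .crt.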

That should do it!

Conclusion:

This post showed you how to set up self-signed SSL certificates on Ubuntu.
