Create Self Signed Certificates for Ubuntu 17.04 | 17.10

Here’s a quick tip on creating self-signed SSL certificates on Ubuntu 17.04 | 17.10. Self-signed certs are those are are primarily used in test environments or within a company’s infrastructure.

Self signed certificates are created, validated by the creator. No third-parties are involved to validate that the certificates are trusted and validated independantly. These certificates are different from public certificates in that the public certs are trusted and validated by an independent entity.

So, the creator of the certificates is not the one who validates it. That’s why they’re called self-signed certificates.

This brief tutorial is going to show students and new users how to create these certificates on Ubuntu systems.

To create a self-signed certificate on Ubuntu systems, follow the steps below

Step 1: Create a RSA Private Key

When creating a self-signed certificate, you must first create a private key. This key should stay private and stored on the server and not shared. The private key is used to then create a public certificate that you can share.

To create a private key, run the commands below

sudo bash
cd /etc/ssl/private
openssl genrsa -aes128 -out server.key 2048

When creating a private key, you will be prompted to create and confirm and password or passphrase. However, it’s best to create a key without a passphrase. To remove the passphrase from the key you just created, run the commands below.

openssl rsa -in server.key -out server.key

Step 2: Create a Certificate Signing Request

After creating the private key, run the commands below to create a certificate signing request using the server private key. Certificate signing request or CSR is used to provide some details of the entity and the resource you want to incorporate into the request.

To create a CSR, run the commands below

openssl req -new -days 365 -key server.key -out server.csr

When you run the above commands, you should be prompted with the questions below to incorporate into the certificate. Answer the highlighted lines as shown below.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:Brooklyn
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Business
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: LEAVE BLANK
An optional company name []:

When you’re done above, continue below to create a public SSL certificate.

Step 3: Create a Self-Signed Certificate

Now that the Private key and CSR are create, run the commands below to create a self-signed SSL certificate called server.crt that will be valid for 365 days.

openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

That’s it!

Next run the commands below to protect the certificate.

chmod 400 server.*

To use the certificate you’ll need to combine the server key and the public certificate into the configuration file of your applications.


You may also like the post below:

One Reply to “Create Self Signed Certificates for Ubuntu 17.04 | 17.10”

  1. Hi,
    In step 1, the output is a symmetric key. It didn’t generate a public key and a private key. Am I missing something.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.