How to create a self-signed SSL certificate
To create a self-signed SSL certificate:

Step 1: Generate private key.

Generate an RSA private key using the openssl tool.

Description: This generates an RSA private key encrypted with the des3 algorithm at 2048-bit strength; server.key is the file name of the key.

Note: To generate the private key, you need to provide a password of at least 4 characters.

Step 2: Generate CSR (Certificate Signing Request)

After generating the private key, you can create a CSR file.

There are two choices at this point. Ideally, the CSR is sent to a certificate authority (CA), and after the CA verifies the identity of the requester, it issues a signed certificate (which is very expensive). Alternatively, if the certificate is only for internal or test use, you can use OpenSSL to self-sign, as follows:

Description: You need to enter the country, region, city, organization, organizational unit, common name and email. The common name can be your own name or a domain name. If you want to support https, the common name should be the same as the domain name, otherwise the browser will show a warning.

Step 3: Delete the password in the private key.

A password must be specified when creating the private key in step 1. This password has a side effect: Apache will ask for it every time it starts the Web server, which is obviously very inconvenient. To delete the password in the private key:

Step 4: Generate a self-signed certificate.

If you don't want to pay a CA to sign the certificate, or you only want to test a concrete SSL implementation, you can now generate a self-signed certificate.

Note that when a self-signed temporary certificate is used, the browser will warn that the issuing authority of the certificate is unknown.

Description: The crt file contains the certificate holder's information, the holder's public key and the signer's signature. When a user installs a certificate, it means that the user trusts the certificate and the public key it contains. The certificate states its purpose, such as server authentication, client authentication or signing other certificates. When the system receives a new certificate, the certificate indicates who signed it. If the signer is indeed allowed to sign other certificates, and the signature on the received certificate matches the signer's public key, the system will automatically trust the new certificate.
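The four steps above as one non-interactive script, followed by a consistency check. This is an added example, not commands from the original page; the function names, the `KEY_PASS` variable, the subject field values, `server.csr`, `server.key.org`, `server.crt` and the 365-day validity are assumptions.

```shell
#!/bin/sh
# Added example: steps 1-4 run without prompts. All names here are assumed.

make_self_signed() (   # usage: make_self_signed <out_dir> <common_name>
    : "${KEY_PASS:?export KEY_PASS (at least 4 characters) first}"
    export KEY_PASS
    umask 077                      # key files readable by the owner only
    mkdir -p "$1" && cd "$1" || exit 1
    cn=$2

    # Step 1: 2048-bit RSA key, encrypted with des3 as the page describes.
    openssl genrsa -des3 -passout env:KEY_PASS -out server.key 2048 &&
    # Step 2: CSR; -subj supplies the fields normally entered at the prompts.
    openssl req -new -key server.key -passin env:KEY_PASS \
        -subj "/C=US/ST=State/L=City/O=Example Org/OU=IT/CN=$cn/emailAddress=admin@example.test" \
        -out server.csr &&
    # Step 3: keep the encrypted original, write a passphrase-free copy.
    cp server.key server.key.org &&
    openssl rsa -in server.key.org -passin env:KEY_PASS -out server.key &&
    # Step 4: sign the CSR with its own key (validity period is an assumption).
    openssl x509 -req -days 365 -in server.csr -signkey server.key \
        -out server.crt
)

check_self_signed() (  # usage: check_self_signed <dir>; returns 0 if consistent
    cd "$1" || exit 1
    subject=$(openssl x509 -in server.crt -noout -subject) || exit 1
    issuer=$(openssl x509 -in server.crt -noout -issuer) || exit 1
    # Self-signed: the issuer name is the subject name.
    [ "${subject#*=}" = "${issuer#*=}" ] || exit 1
    # The public key in the certificate must be the one derived from server.key.
    cert_pub=$(openssl x509 -in server.crt -noout -pubkey) || exit 1
    key_pub=$(openssl rsa -in server.key -pubout 2>/dev/null) || exit 1
    [ "$cert_pub" = "$key_pub" ]
)

# Usage: export KEY_PASS='...'; make_self_signed ./certs www.example.test
```

After step 3, `server.key` is protected only by file permissions, so keep it owner-readable and out of backups and repositories. Current browsers match the host name against subjectAltName rather than the common name, which this four-step flow does not set.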

These are all the steps needed to create a self-signed SSL certificate. However, using a self-signed SSL certificate is not recommended: it is not subject to any supervision, anyone can issue one, and it provides basically no security. It is therefore recommended to choose SSL certificates issued by authoritative CA institutions, such as Symantec, GeoTrust, Comodo and RapidSSL.