Hot Koehls

The more you know, the more you don’t know

This content is a little crusty, having been with me through 3 separate platform changes. Formatting may be rough, and I am slightly less stupid today than when I wrote it.
24 Feb 2012

Create Self-Signed Wildcard SSL Certificate

Here’s the command list to quickly create a self-signed SSL certificate from the Linux command line. You can copy/paste each line to the shell to generate the key.

It assumes you will place each set of SSL files under a directory assigned per domain; at the end you will have a directory that contains the newly created .cert, .key, .pem and .info files.

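mkdir -p /etc/ssl/subdomain.domain.com && cd /etc/ssl/subdomain.domain.com

# Keep the key files unreadable to other users from the moment they are created
umask 077

openssl genrsa 2048 > host.key

# Enter subdomain.domain.com for Common Name. It's the 6th option in the dialog.
# All other options can be left blank for defaults
# For wildcard SSL, enter *.domain.com
# -sha256: SHA-1 certificate signatures are deprecated
openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert

# Save the fingerprint and the decoded certificate for later reference
openssl x509 -noout -fingerprint -text < host.cert > host.info

# Combined certificate + key file for servers that expect a single .pem
cat host.cert host.key > host.pem

chmod 400 host.key host.pem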
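
The same steps as a non-interactive script, as an added example that is not part of the original post: it sets the name with -subj instead of the dialog, adds a subjectAltName (current browsers match on it rather than on the Common Name), and then checks the result. The function names and the example.test domain are assumptions; -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# make_wildcard_cert DIR DOMAIN
# Writes host.key, host.cert, host.info and host.pem into DIR for *.DOMAIN.
make_wildcard_cert() {
    (
        mkdir -p "$1" && cd "$1" || exit 1
        umask 077   # nothing written below is readable by other users
        openssl genrsa -out host.key 2048 2>/dev/null || exit 1
        # -subj answers the Common Name prompt; the SAN lists the wildcard
        # and the bare domain, which "*.DOMAIN" alone does not match.
        openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key \
            -subj "/CN=*.$2" \
            -addext "subjectAltName=DNS:*.$2,DNS:$2" \
            -out host.cert || exit 1
        openssl x509 -noout -fingerprint -sha256 -text \
            -in host.cert > host.info || exit 1
        cat host.cert host.key > host.pem
        chmod 400 host.key host.pem
    )
}

# key_matches_cert DIR
# Succeeds only if host.key is the private key for host.cert.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/host.cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1/host.key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_covers DIR HOSTNAME
# Succeeds if the certificate is valid for HOSTNAME (wildcard rules applied).
cert_covers() {
    openssl x509 -in "$1/host.cert" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

# Usage (example.test is a constructed domain):
#   make_wildcard_cert /tmp/ssl/example.test example.test
#   key_matches_cert /tmp/ssl/example.test && echo "key and cert belong together"
#   cert_covers /tmp/ssl/example.test phpmyadmin.example.test   # succeeds
#   cert_covers /tmp/ssl/example.test a.b.example.test          # fails: one label only
```

A wildcard entry matches exactly one label, so *.domain.com covers phpmyadmin.domain.com but not a.b.domain.com.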

A CA-signed SSL certificate is necessary for all your public-facing domains. But you can save yourself a lot of time and money by using self-signed certificates on sites that have a limited or more technical audience. For example, I use self-signed certificates for all the installations of phpMyAdmin that I set up.

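The encryption you get from a self-signed certificate is exactly the same as with one you pay for; the difference is that no certificate authority vouches for the certificate, which is why the browser warning pops up. Check that the fingerprint the browser shows matches the one in host.info, then click through and you’re good to go.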

