Generate Self-Signed SSL Certificate Using OpenSSL

Introduction

Before generating a self-signed certificate, let's understand what is SSL, SSL certificates, and Self-signed certificates and the risks associated with it.

What is SSL?

SSL/TLS stands for secure sockets layer and transport layer security. It is a protocol or communication rule that allows computer systems to talk to each other on the internet safely.

What is SSL Certificate?

SSL/TLS certificates allow web browsers to identify and establish encrypted network connections to websites using the SSL/TLS protocol. A certificate authority (CA) is an organization that sells SSL/TLS certificates to web owners, web hosting companies, or businesses.

To know more about SSL certificates, please check out the below link: SLL/TLS Certificate: What is it and why it's important - AWS (amazon.com)

What is a Self-Signed SSL Certificate?

A self-signed certificate is one that is not signed by a certificate authority (CA) at all – neither private nor public. In this case, the certificate is signed with its own private key instead of requesting it from a public or a private CA. These self-signed certificates are easy to make and do not cost money. However, they do not provide any trust value.

Advantages

  1. Self-signed certificates can be created for free using a wide variety of tools, including OpenSSL, Java's key tool, Adobe Reader, wolfSSL, and Apple's Keychain.
  2. Developers don't have to depend on CA for certificate insurance.
  3. Useful in development and test environment.

Disadvantages

  1. As Self-signed certificates are not issued by trusted CAs, so there is no guarantee that the certificate is legitimate.
  2. The browser displays a warning, stating that the certificate of the site is not issued by a trusted CA, and, therefore, the connection is not guaranteed to be secure.
  3. Self-signed certificates cannot be revoked by CA in case of a network breach

Steps to generate a self-signed SSL certificate

1. Download & install the OpenSSL using any of the below links: 

2. After installing OpenSSL on your PC, search for OpenSSL & open the OpenSSL command prompt

 

You will get the below screen.

2. Copy & Run the below command to generate the certificate & key files ( .pem format).

c:\users\SandeepN>openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout "C:\users\SandeepN\Documents\AWS SSL\key.pem" -out "C:\users\SandeepN\Documents\AWS SSL\cert.pem"

3. Provide the requested details

Note. For Comman name, please provide the domain name of your web application.

In this example, I am providing the domain name of my AWS Elastic Beanstalk application.

Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:MH
Locality Name (eg, city) []:Pune
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Test Pvt. Ltd.
Organizational Unit Name (eg, section) []:IT Department
Common Name (e.g. server FQDN or YOUR name) []: mytestapp.eu-west-1.elasticbeanstalk.com
Email Address []:[email protected]

Open SSL CMD Prompt

4. On successful command execution, 2 PEM files will be generated. Here, we are using a .pem file to store SSL Certificate and its Private key.

  • cert.pem contains certificate information
  • key.pem contains the private encryption key

What is a PEM File?

Read the below article to get an understanding of PEM Files
https://www.c-sharpcorner.com/article/what-is-a-pem-file/

That's it; your Certificate(cert.pem) and Primary key(key.pem) is now generated. You can use these files to do SSL configuration for your web application.

Conclusion

In this article, we have gone through the basics of SSL, SSL certificates, and their use. We have also got an overview of a self-signed SSL certificate, its advantages and disadvantages, and how to generate a self-signed SSL Certificate.


Similar Articles