How to Create Free SSL/TLS Certificate with OpenSSL
SSL/TLS certificate is required to encrypt data sent over internet communication. Without encryption, the sent data can be hacked by the middle man attack. SSL/TLS certificate is usually a pair key, public key and private key, solution where data is encrypted with public key and decrypted with private key.
In public communication, public key is required to be signed by a CA (certificate authority) but in private communication, there is no need to be signed by any CA. If we don’t sign public key by any CA, browsers will show a warning message that the certificate is not trusted. Although browser shows waning message, the communication is encrypted and secure yet.
A lot of tools are available to create self signed certificate. Among them, OpenSSL is so popular and SSL certificate can be created without any hassle. So, in this article, I will show how to create free SSL certificate with OpenSSL in Ubuntu Server.
Generating Free SSL Certificate with OpenSSL
OpenSSL is a free tool which can be used to generate self signed SSL/TLS certificate. OpenSSL usually comes built-in in Linux operating system. So, if you have Ubuntu Server or any other Linux operating system installed, you can easily create free SSL certificate with OpenSSL.
To be ensure that your operating system has OpenSSL installed, issue the following command in your command prompt.
If your system has OpenSSL installed, you will find the version of your OpenSSL with the above command. If your system has OpenSSL installed, you are ready to run OpenSSL command to create free SSL/TLS certificate.
At first we will create a password key file that will be used to generate private key. So, run the following command to create password key file.
The above command will create a password key file named system.pass.key. For simplicity, I have given the file name as system but you are free to put any name for your file. If you run ls command, you will find a file has been created in your working directory.
system.pass.key
We will now create private key file with OpenSSL command. So, run the following OpenSSL command to generate private key file.
The above command will generate private key file named system.key. Private key file is so important and should not be shared with anyone. If anyone get your private key, he/she will be able to decrypt your encrypted data. So, be careful to store your private key safely.
You will now find two files in your working directory. One is password key file and another is private key file. Password file will not be required in future. So, we will delete this file with the following command.
We will now generate CSR (Certificate Signing Request) file that will be required to generate public key file. So, run the following OpenSSL command to generate CSR file.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:BD
State or Province Name (full name) [Some-State]:DHK
Locality Name (eg, city) []:DHK
Organization Name (eg, company) [Internet Widgits Pty Ltd]:SystemZone
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:webserver
Email Address []:sayeed@systemzone.net
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The above command will ask some questions about your SSL certificate like the above example. So, give the information that will be asked to you.
We will now create our public key certificate file with OpenSSL command. So, run the following OpenSSL command to create public key certificate file.
The above command will generate public key certificate file with 365 days validity. But if you wish you can put more validity period.
In your working directory, you will now find three files. Among them, system.key and system.crt are private key and public key file accordingly.
system.crt system.csr system.key
You can now use these OpenSSL generated files for your Webserver, Email Server or any other application where SSL/TLS certificate is required.
A summery of OpenSSL commands has been given below so that you can generate free SSL/TLS certificate so easily.
– openssl rsa -passin pass:xnet@123 -in [filename].pass.key -out [filename].key
– rm [filename].pass.key
– openssl req -new -key [filename].key -out [filename].csr
– openssl x509 -req -days [numdays] -in [filename].csr -signkey [filename].key -out [filename].crt
Replace [filename] and [numdays] according to your wish and save generated files to make your application secure.
How to create free SSL/TLS certificate with OpenSSL tool has been discussed in this article. I hope you will now be able to create free SSL certificate for your application with OpenSSL. However, if you face any confusion, feel free to discuss in comment or contact me from Contact page. I will try my best to stay with you.
Why not a Cup of COFFEE if the solution?