Create Your Own Private SSL/TLS Certificates
Simple Setup
If you just need a public/private certificate pair, then you can use:
Certificate Authority Method
If you also need to act as your own certificate authority (CA) that signs the certificate, then follow these steps.
Create a private key for your certificate authority.
Now create the public certificate for that certificate authority. This may be referred to as the "root certificate".
Now create a private key for your site:
Now we need to create a "certificate signing request" to "give" to our CA to sign:
Now we hand that over to the certificate authority (which is ourselves), and they use it to create a public certificate for the site (which we hand back to ourselves).
However, first they (us) need to create a configuration file which tweaks the data within the generated certificate to state things like what the certificate can be used for:
Fill it with the following, changing the DNS.1 value to whatever your site FQDN is:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = my.domain.com
Now that we have all of these files, we can finally use them to create the site certificate file:
Now you have all of your certificates. If you use Apache, you will need the three files:
- ca.crt - the certificate authority's public certificate.
- site.crt - the public certificate for our site.
- site.pem - the private key for our site.
If you are using Nginx, you need to bundle the ca.crt and site.crt files together:
... so then you only need:
- site.pem - your site's private key file
- bundle.crt - a single public certificate file representing your site and the certificate authority.
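The certificate authority steps above as one script. This is an added example, not the original page's commands. The names ca.key, site.csr and site.ext, the subject names, the key sizes and the validity periods are assumptions; ca.crt, site.crt, site.pem and bundle.crt are the file names used above.

```shell
#!/bin/sh
# Added example: a private CA and one CA-signed site certificate.
# Assumed (not from the page): ca.key, site.csr, site.ext, subject names,
# key sizes and validity periods. Output names follow the page.

make_ca_signed_cert() (   # usage: make_ca_signed_cert <output-dir> <site-fqdn>
    dir=$1; fqdn=$2
    umask 077                     # new files readable by the owner only
    mkdir -p "$dir" && cd "$dir" || exit 1

    # 1. CA private key (unencrypted here; add -aes256 to set a passphrase)
    openssl genrsa -out ca.key 4096 || exit 1
    # 2. self-signed CA ("root") certificate
    openssl req -x509 -new -key ca.key -sha256 -days 825 \
        -subj "/CN=Example Private CA" -out ca.crt || exit 1
    # 3. site private key
    openssl genrsa -out site.pem 2048 || exit 1
    # 4. certificate signing request for the site
    openssl req -new -key site.pem -subj "/CN=$fqdn" -out site.csr || exit 1
    # 5. extension file with the page's settings, DNS.1 set to the site FQDN
    cat > site.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = $fqdn
EOF
    # 6. the CA signs the request, producing the site certificate
    openssl x509 -req -in site.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
        -sha256 -days 397 -extfile site.ext -out site.crt || exit 1
    # 7. Nginx bundle: site certificate first, then the CA certificate
    cat site.crt ca.crt > bundle.crt
)

check_site_cert() {       # usage: check_site_cert <output-dir> <site-fqdn>
    # the site certificate must chain to our CA
    openssl verify -CAfile "$1/ca.crt" "$1/site.crt" >/dev/null || return 1
    # the subjectAltName must name the site
    openssl x509 -in "$1/site.crt" -noout -text | grep -qF "DNS:$2" || return 1
    # the private key must match the public key in the certificate
    [ "$(openssl x509 -in "$1/site.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$1/site.pem" -pubout)" ]
}
```

Run `make_ca_signed_cert ./certs my.domain.com` and then `check_site_cert ./certs my.domain.com` before installing the files. Keep ca.key off the web server, since anyone holding it can issue certificates that clients trusting ca.crt will accept.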
First published: 12th August 2021