Generate Self-signed Cert
If you are unable to get a certificate from your CA, then a self-signed certificate may be helpful while performing a POC or working in a non-production environment.
Self-signed certs are not recommended for production use.
The steps below describe how you can generate a self-signed certificate on CentOS 8.x.
Use the steps below to:
- Create the SSL key and certificate files with the openssl command
dnf install mod_ssl
Create a local root CA
openssl genrsa -aes256 -out mylocalCA.key 2048
openssl req -x509 -new -nodes -key mylocalCA.key -sha256 -days 1825 -out mylocalCA.pem
Generate a self-signed cert
openssl genrsa -out localiam.openiam.net.key 2048
openssl req -new -key localiam.openiam.net.key -out localiam.openiam.net.csr
Create a config file with the following content
Create a file called
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localiam.openiam.net
Execute the following command
openssl x509 -req -in localiam.openiam.net.csr -CA mylocalCA.pem -CAkey mylocalCA.key -CAcreateserial -out localiam.openiam.net.crt -days 825 -sha256 -extfile localiam.openiam.net.ext
The table below explains each of the parameters.
| Parameter | Description |
|---|---|
| openssl | Command line tool for creating and managing OpenSSL certificates, keys, and other files. |
| req -x509 | Specifies that we want to use X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL and TLS adhere to for key and certificate management. |
| nodes | Tells OpenSSL to skip the option to secure the certificate with a passphrase. This is needed because we need Apache to read this file without user intervention during server startup. |
| days | Period of time that the certificate will be considered valid. |
| newkey rsa:2048 | Specifies that we want to generate a new certificate and a new key, which is 2048 bits long, at the same time. |
| keyout | Location where the key file should be placed. |
| out | Location where the certificate should be placed. |
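
Before pointing Apache at the new files, it is worth confirming that the certificate chains to the local CA, carries the hostname in its subjectAltName, and matches the private key. The script below is an added example, not part of the original procedure: it repeats the steps above in a temporary directory and then runs those three checks. The function names, the `-subj` values and the unencrypted CA key (no `-aes256`, so nothing prompts) are assumptions made so it runs unattended.

```shell
#!/bin/sh
# Added example (not from the original page). File names and hostname follow
# the page; -subj values and the passphrase-less CA key are assumptions.
HOST=localiam.openiam.net
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT   # throwaway keys are removed on exit

make_test_pki() {  # $1 = directory to write the CA and server files into
  ( cd "$1" &&
    openssl genrsa -out mylocalCA.key 2048 &&
    openssl req -x509 -new -key mylocalCA.key -sha256 -days 1825 \
      -subj "/CN=My Local CA (constructed)" -out mylocalCA.pem &&
    openssl genrsa -out "$HOST.key" 2048 &&
    openssl req -new -key "$HOST.key" -subj "/CN=$HOST" -out "$HOST.csr" &&
    printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
      'basicConstraints=CA:FALSE' \
      'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
      'subjectAltName = @alt_names' '[alt_names]' "DNS.1 = $HOST" > "$HOST.ext" &&
    openssl x509 -req -in "$HOST.csr" -CA mylocalCA.pem -CAkey mylocalCA.key \
      -CAcreateserial -out "$HOST.crt" -days 825 -sha256 -extfile "$HOST.ext"
  ) >/dev/null 2>&1
}

# Returns 0 only if the cert chains to the CA, lists the hostname as an exact
# SAN entry, and has the same public key as the given private key.
check_cert() {  # $1 = CA pem, $2 = cert, $3 = key, $4 = hostname
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
    { echo "chain: FAIL"; return 1; }
  openssl x509 -in "$2" -noout -text | tr ',' '\n' | sed 's/^ *//' |
    grep -qxF "DNS:$4" || { echo "SAN: FAIL"; return 1; }
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || { echo "key match: FAIL"; return 1; }
  echo "OK: $2"
}

make_test_pki "$WORK" &&
  check_cert "$WORK/mylocalCA.pem" "$WORK/$HOST.crt" "$WORK/$HOST.key" "$HOST"
```

To check files produced by the steps above, call `check_cert mylocalCA.pem localiam.openiam.net.crt localiam.openiam.net.key localiam.openiam.net` from the directory that holds them.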