Generate Self-signed Cert
If you are unable to get a certificate from your CA, then a self-signed certificate may be helpful while performing a POC or working in a non-production environment.
Self-signed certs are not recommended for production use.
The steps below describe how you can generate a self-signed certificate on CentOS 8.x.
Use the steps below to:
- Install mod_ssl
- Create the SSL key and certificate files with the openssl command
dnf install mod_ssl
Create a local root CA
openssl genrsa -aes256 -out mylocalCA.key 2048
openssl req -x509 -new -nodes -key mylocalCA.key -sha256 -days 1825 -out mylocalCA.pem
Generate a self-signed cert
openssl genrsa -out localiam.openiam.net.key 2048
openssl req -new -key localiam.openiam.net.key -out localiam.openiam.net.csr
Create a config file called localiam.openiam.net.ext with the following content:
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = localiam.openiam.net
Execute the following command
openssl x509 -req -in localiam.openiam.net.csr -CA mylocalCA.pem -CAkey mylocalCA.key -CAcreateserial -out localiam.openiam.net.crt -days 825 -sha256 -extfile localiam.openiam.net.ext
The table below explains each of the parameters.
Parameter | Description |
---|---|
openssl | Command line tool for creating and managing OpenSSL certificates, keys, and other files |
req -x509 | Specifies that we want to use X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL and TLS adhere to for key and certificate management |
nodes | Tells OpenSSL to skip the option to assign a passphrase. This is needed because Apache must read this file without user intervention during server startup. |
days | Period of time that the certificate will be considered valid. |
newkey rsa:2048 | Specifies that we want to generate a new certificate and a new key, which is 2048 bits long, at the same time |
keyout | Location where the key file should be placed |
out | Location where the certificate should be placed. |
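
To confirm the result of the steps above before pointing Apache at it, the following added example (not part of the original page or OpenIAM's tooling) checks that the issued certificate chains to the local CA, carries the expected SAN and CA:FALSE, and matches its private key. The function names `verify_issued_cert` and `demo`, the `-subj` values, and the unencrypted throwaway CA key in `demo` are assumptions made so it runs non-interactively.

```shell
#!/bin/sh
# Added example. verify_issued_cert and demo are hypothetical helper names.
# usage: verify_issued_cert CA.pem CERT.crt KEY.key HOSTNAME
verify_issued_cert() {
    ca=$1; crt=$2; key=$3; host=$4
    # 1. The certificate must chain to the local root CA.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "chain: FAIL"; return 1; }
    text=$(openssl x509 -in "$crt" -noout -text) || return 1
    # 2. The SAN from the .ext file must list the host exactly; browsers
    #    match the hostname against the SAN, not the subject CN.
    printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//' |
        grep -qxF "DNS:$host" || { echo "SAN: FAIL"; return 1; }
    # 3. The server certificate must not itself be usable as a CA.
    printf '%s\n' "$text" | grep -q 'CA:FALSE' ||
        { echo "basicConstraints: FAIL"; return 1; }
    # 4. The private key must be the one the certificate was issued for.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] ||
        { echo "key match: FAIL"; return 1; }
    echo "OK"
}

# Re-runs the page's commands in a temp directory, made non-interactive:
# constructed -subj values, and no -aes256 on the throwaway CA key.
# usage: demo [HOSTNAME_TO_CHECK]
demo() (
    h=localiam.openiam.net
    d=$(mktemp -d) && cd "$d" || exit 1
    {
        openssl genrsa -out mylocalCA.key 2048
        openssl req -x509 -new -nodes -key mylocalCA.key -sha256 -days 1825 \
            -subj "/CN=Constructed Local Root CA" -out mylocalCA.pem
        openssl genrsa -out "$h.key" 2048
        openssl req -new -key "$h.key" -subj "/CN=$h" -out "$h.csr"
        printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
            'basicConstraints=CA:FALSE' \
            'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
            'subjectAltName = @alt_names' '[alt_names]' "DNS.1 = $h" > "$h.ext"
        openssl x509 -req -in "$h.csr" -CA mylocalCA.pem -CAkey mylocalCA.key \
            -CAcreateserial -out "$h.crt" -days 825 -sha256 -extfile "$h.ext"
    } >/dev/null 2>&1
    rc=0
    verify_issued_cert mylocalCA.pem "$h.crt" "$h.key" "${1:-$h}" || rc=$?
    cd / && rm -rf "$d"
    exit "$rc"
)

case "${1:-}" in demo) demo ;; esac  # run the demo: sh thisfile.sh demo
```

To check real output from the steps above, call `verify_issued_cert mylocalCA.pem localiam.openiam.net.crt localiam.openiam.net.key localiam.openiam.net` in the directory where the files were created.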