Create Self-Signed Wildcard SSL Certificate
Here’s the command list to quickly create a self-signed SSL certificate from the Linux command line. You can copy/paste each line to the shell to generate the key.
It assumes you will place each set of SSL files under a directory assigned per domain; at the end you will have a directory that contains the newly created .cert, .key, .pem and .info files.
mkdir /etc/ssl/subdomain.domain.com && cd /etc/ssl/subdomain.domain.com
openssl genrsa 2048 > host.key
# Sign with SHA-256; SHA-1 is deprecated for certificate signatures.
openssl req -new -x509 -nodes -sha256 -days 3650 -key host.key > host.cert
# Enter subdomain.domain.com for Common Name. It's the 6th option in the dialog.
# All other options can be left blank for defaults
# For wildcard SSL, enter *.domain.com
openssl x509 -noout -fingerprint -text < host.cert > host.info
cat host.cert host.key > host.pem
chmod 400 host.key host.pem
A signed SSL certificate is necessary for all your public-facing domains. But you can save yourself a lot of time and money by using self-signed certificates on sites that have a limited or more technical audience. For example, I use self-signed certificates for all the installations of phpMyAdmin that I set up.
The protection you get from a self-signed certificate is exactly the same as one you pay for; the browser warning that pops up is the only difference. Click through it and you’re good to go.
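The same file set built without prompts and then checked, as an added example that is not part of the original post: it adds a subjectAltName, tests which hostnames the wildcard actually covers, confirms that key and certificate belong together, and prints the SHA-256 fingerprint to compare with the one the browser warning displays before clicking through. The domain example.test, the function names and the target directory are assumptions; -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the original post. example.test and the output
# directory are constructed values; needs OpenSSL 1.1.1+ for -addext.

# Build the same file set as above (host.key/.cert/.info/.pem) without prompts.
make_wildcard_cert() {  # usage: make_wildcard_cert DOMAIN DIR
    (
        umask 077                      # key is never world-readable, even briefly
        mkdir -p "$2" && cd "$2" || exit 1
        openssl genrsa -out host.key 2048 2>/dev/null || exit 1
        # Browsers match hostnames against subjectAltName, not the Common Name.
        openssl req -new -x509 -sha256 -days 3650 -key host.key \
            -subj "/CN=*.$1" -addext "subjectAltName=DNS:*.$1,DNS:$1" \
            -out host.cert || exit 1
        openssl x509 -noout -fingerprint -sha256 -text < host.cert > host.info
        cat host.cert host.key > host.pem
        chmod 400 host.key host.pem
    )
}

# True if the certificate is valid for HOSTNAME (a wildcard covers one label only).
cert_covers() {  # usage: cert_covers CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match certificate"
}

# True if the private key belongs to the certificate (public keys are equal).
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# SHA-256 fingerprint to compare with what the browser warning displays.
cert_fingerprint() {  # usage: cert_fingerprint CERT
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```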