DEV Community

Cover image for How to Generate Self-signed Certificate in CentOS 7
Nada Ahmed
Nada Ahmed

Posted on • Edited on

How to Generate Self-signed Certificate in CentOS 7

Securing communication over the web is critical, and SSL certificates play a huge role in encrypting data between a server and a client. In this post, I'll walk you through the steps of generating a self-signed SSL certificate in CentOS 7 using OpenSSL

Why Use a Self-Signed Certificate?
Self-signed certificates are ideal for internal projects, development, or testing environments. They enable you to secure communications without needing to purchase a certificate from a Certificate Authority (CA). However, browsers won't trust these certificates by default, and you'll get a warning, but for internal purposes, this is perfectly fine.

Prerequisites

1.CentOS 7 system with root access.
2.OpenSSL and Apache installed.

You can install them with the following commands:

sudo yum install mod_ssl openssl

Image description
Image description

Create a Directory for the Certificate

Create a directory to store the certificate and key:

sudo mkdir /etc/ssl/mycert
cd /etc/ssl/mycert

Step 1: Generate a Private Key

The first step is to create a private key, which will be used to encrypt the SSL communications.

sudo openssl genrsa -out mydomain.key 2048

Explanation:
This command generates a 2048-bit RSA private key named mydomain.key. This key will be used later to sign the certificate.
Image description
Note
When generating the private key, you can add the -des3 option to encrypt the key with a passphrase. This adds an extra layer of security.

sudo openssl genrsa -des3 -out mydomain.key 2048

You'll be prompted to set a passphrase. Every time you use the private key, you'll need to enter this passphrase.

Step 2: Create a Certificate Signing Request (CSR)

Next, you'll create a CSR, which contains information about your organization and the domain you're securing.

sudo openssl req -new -key mydomain.key -out mydomain.csr

You'll be prompted to enter information, such as:
-Country Name
-State
-City
-Organization
-Common Name (FQDN like www.example.com)
-Email
Explanation:
This CSR will later be used to create the self-signed certificate. The information provided is included in the certificate metadata.
Image description
Image description

Step 3: Generate the Self-Signed Certificate

Now, we use the CSR and private key to generate a self-signed certificate.

sudo openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt

Explanation:
The certificate is valid for 365 days and will be named mydomain.crt. This certificate, combined with the private key, will allow us to secure our server.

Step 4: Configure Apache to Use the Certificate*

To secure your web server, we need to configure Apache to use the newly created certificate.

Open the SSL configuration file:

sudo vim /etc/httpd/conf.d/ssl.conf

-Locate and update the following lines

SSLCertificateFile /etc/ssl/mycert/mydomain.crt
SSLCertificateKeyFile /etc/ssl/mycert/mydomain.key

Then Save and exit.
Image description

Step 5: Restart Apache

Restart Apache to apply the changes and enable SSL.

sudo systemctl restart httpd

Image description

Step 6: Testing the SSL Certificate

Visit your website using https://your-domain.com. Since this is a self-signed certificate, your browser will display a warning. For testing and internal purposes, you can proceed

curl -i https://www.sectom.com

Image description

Conclusion
Congratulations! You’ve successfully generated a self-signed SSL certificate on CentOS 7. This method is perfect for development, testing, or internal use. For production environments, you should obtain a certificate from a trusted CA to avoid browser warnings.

Feel free to ask questions or share your experiences in the comments!

Top comments (0)