How to Generate Self-signed Certificate in CentOS 7

Nada Ahmed - Oct 2 - Dev Community

Securing communication over the web is critical, and SSL certificates play a huge role in encrypting data between a server and a client. In this post, I'll walk you through the steps of generating a self-signed SSL certificate in CentOS 7 using OpenSSL.

Why Use a Self-Signed Certificate?
Self-signed certificates are ideal for internal projects, development, or testing environments. They enable you to secure communications without needing to purchase a certificate from a Certificate Authority (CA). Browsers won't trust these certificates by default, so you'll get a warning, but for internal purposes this is perfectly fine.

Prerequisites

1. CentOS 7 system with root access.
2. OpenSSL and Apache installed.

You can install them with the following command (yum pulls in Apache's httpd package as a dependency of mod_ssl if it is not already installed):

sudo yum install mod_ssl openssl


Create a Directory for the Certificate

Create a directory to store the certificate and key:

sudo mkdir /etc/ssl/mycert
cd /etc/ssl/mycert

Step 1: Generate a Private Key

The first step is to create the private key that the server will use for its SSL/TLS connections.

sudo openssl genrsa -out mydomain.key 2048

Explanation:
This command generates a 2048-bit RSA private key named mydomain.key. This key will be used later to sign the certificate.
Note
When generating the private key, you can add the -des3 option to encrypt the key with a passphrase. This adds an extra layer of security.

sudo openssl genrsa -des3 -out mydomain.key 2048

You'll be prompted to set a passphrase. Every time the private key is used, including when Apache starts, you'll need to enter this passphrase.

Step 2: Create a Certificate Signing Request (CSR)

Next, you'll create a CSR, which contains information about your organization and the domain you're securing.

sudo openssl req -new -key mydomain.key -out mydomain.csr

You'll be prompted to enter information, such as:
- Country Name
- State
- City
- Organization
- Common Name (FQDN like www.example.com)
- Email

Explanation:
This CSR will later be used to create the self-signed certificate. The information provided is included in the certificate metadata.

Step 3: Generate the Self-Signed Certificate

Now, we use the CSR and private key to generate a self-signed certificate.

sudo openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt

Explanation:
The certificate is valid for 365 days and will be named mydomain.crt. This certificate, combined with the private key, will allow us to secure our server.
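
Before pointing Apache at the new files, it is worth checking that the key and certificate belong together and that the key is readable only by its owner. The script below is an added example, not part of the original post: it repeats Steps 1 to 3 non-interactively (with -subj in place of the prompts) in a temporary directory and runs those checks; the function names and the www.example.test host name are assumptions.

```shell
#!/bin/sh
# Added example: Steps 1-3 run non-interactively, followed by sanity checks.
# Function names and the sample host name are assumptions, not from the post.

# make_selfsigned DIR CN: key, CSR and certificate, as in Steps 1-3.
make_selfsigned() (
    umask 077                      # new files are readable by the owner only
    mkdir -p "$1" && cd "$1" || exit 1
    openssl genrsa -out mydomain.key 2048 2>/dev/null &&
    openssl req -new -key mydomain.key -out mydomain.csr -subj "/CN=$2" 2>/dev/null &&
    openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key \
        -out mydomain.crt 2>/dev/null &&
    chmod 644 mydomain.crt         # the certificate itself is public
)

# key_matches_cert KEY CRT: true when both files carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# is_self_signed CRT: true when the issuer equals the subject.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject=//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer=//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# valid_for_days CRT DAYS: true when the certificate is still valid DAYS from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# key_is_private KEY: true when the key file mode is 600 (GNU stat, as on CentOS).
key_is_private() {
    [ "$(stat -c '%a' "$1")" = "600" ]
}

# Demo in a throwaway directory with a constructed host name.
demo=$(mktemp -d)
make_selfsigned "$demo" www.example.test &&
key_matches_cert "$demo/mydomain.key" "$demo/mydomain.crt" &&
is_self_signed "$demo/mydomain.crt" &&
valid_for_days "$demo/mydomain.crt" 30 &&
key_is_private "$demo/mydomain.key" &&
echo "all checks passed"
rm -rf "$demo"
```

The same check functions can be run against /etc/ssl/mycert/mydomain.key and /etc/ssl/mycert/mydomain.crt; a key created with sudo under the default umask will typically fail key_is_private until its mode is tightened with chmod 600.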

Step 4: Configure Apache to Use the Certificate

To secure your web server, we need to configure Apache to use the newly created certificate.

Open the SSL configuration file:

sudo vim /etc/httpd/conf.d/ssl.conf

Locate and update the following lines:

SSLCertificateFile /etc/ssl/mycert/mydomain.crt
SSLCertificateKeyFile /etc/ssl/mycert/mydomain.key

Then save and exit.

Step 5: Restart Apache

Restart Apache to apply the changes and enable SSL.

sudo systemctl restart httpd


Step 6: Testing the SSL Certificate

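Visit your website using https://your-domain.com. Since this is a self-signed certificate, your browser will display a warning. For testing and internal purposes, you can proceed.

From the command line, curl also rejects a self-signed certificate by default. The -k option skips certificate verification, so use it only for this test:

curl -ik https://www.sectom.com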


Conclusion
Congratulations! You’ve successfully generated a self-signed SSL certificate on CentOS 7. This method is perfect for development, testing, or internal use. For production environments, you should obtain a certificate from a trusted CA to avoid browser warnings.

Feel free to ask questions or share your experiences in the comments!
