Making Self-Signed Digital Certificates

TLS/SSL certificates are needed when developing server projects that require encryption, such as the Apache web server on Debian-based or Red Hat-based Linux distributions or on the FreeBSD operating system, and the Home Assistant home automation system.

The following procedure shows how to create and install self-signed certificates for cases where acquiring them from a Certificate Authority (CA) is either too expensive or too complicated. Keep in mind, however, that self-signed certificates may be deemed UNTRUSTWORTHY in a production environment: no CA vouches for them, so clients cannot verify the server's identity unless the certificate has been explicitly trusted on each client.


1. Create the certificate and key.

1.1. [OPTION A] One-step process, skipping the Certificate Signing Request (CSR).

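user@host: $ openssl req -new -x509 -days 36500 -nodes -keyout server.key -out server.crt
/* "-nodes" writes server.key without passphrase protection; "-days 36500" makes the certificate valid for about 100 years. */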

1.2. [OPTION B] Separate CSR for submission to CAs, if planning to legitimize later on.

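1.2.1. Generate the private key for the CSR.

user@host: $ openssl genrsa -des3 -out server.key 2048
/* "-des3" encrypts server.key with a passphrase, which must then be entered every time the key is used. */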

1.2.2. Generate the CSR.

user@host: $ openssl req -new -key server.key -out server.csr

1.2.3. Generate the certificate.

user@host: $ openssl x509 -req -days 36500 -in server.csr -signkey server.key -out server.crt

2. Install the certificate and key.

2.1. Linux

2.1.1. Debian-based distributions

user@host: $ sudo cp server.crt /etc/ssl/certs
user@host: $ sudo cp server.key /etc/ssl/private

2.1.2. Red Hat-based distributions

user@host: $ sudo cp server.crt /etc/pki/tls/certs
user@host: $ sudo cp server.key /etc/pki/tls/private

2.2. FreeBSD

2.2.1. Log in as "root". Regular users must be members of the "wheel" group in order to do this.

user@host: $ su
/* Instead of "su -", use "su" to remain in the current working directory. */

2.2.2. Copy the files to the Apache configuration directory.

root@host: # cp server.crt /usr/local/etc/apache24
root@host: # cp server.key /usr/local/etc/apache24

2.2.3. Log out from "root".

root@host: # exit
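
The checks below are an added example, not part of the original procedure: before the files are copied in step 2, they confirm that server.key belongs to server.crt, that the certificate is self-signed, and that the key is not readable by group or others. The function names and the demo subject "/CN=demo.invalid" are assumptions, and "-subj" is added to the Option A command only to suppress the interactive prompts.

```sh
#!/bin/sh
# Added example: sanity checks for the server.crt / server.key pair.
# Function names are illustrative; the key is assumed to be unencrypted (Option A).

# Succeeds when the certificate carries the public half of the private key.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Succeeds when issuer and subject are identical, i.e. the certificate is self-signed.
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
    issr=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
    [ "${subj#subject=}" = "${issr#issuer=}" ]
}

# Succeeds when the key file is not readable by group or others.
key_is_private() {
    [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Runs all three checks; returns non-zero if the pair should not be installed as is.
check_pair() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $2 is not the key for $1"; rc=1; }
    cert_is_self_signed "$1"   || echo "NOTE: $1 is not self-signed"
    key_is_private "$2"        || { echo "FAIL: $2 is group/world readable"; rc=1; }
    return "$rc"
}

# Demo on a constructed throwaway pair: the Option A command, with -subj added
# so that openssl does not prompt for the subject fields.
demo_dir=$(mktemp -d)
openssl req -new -x509 -days 36500 -nodes -subj "/CN=demo.invalid" \
    -keyout "$demo_dir/server.key" -out "$demo_dir/server.crt" 2>/dev/null
chmod 600 "$demo_dir/server.key"
check_pair "$demo_dir/server.crt" "$demo_dir/server.key" && echo "pair OK"
```

With a passphrase-protected key from Option B, "openssl pkey" asks for the passphrase before the comparison can run.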



