DEV Community

Nada Ahmed

How to Generate Self-signed Certificate in CentOS 7

Securing communication over the web is critical, and SSL certificates play a huge role in encrypting data between a server and a client. In this post, I'll walk you through the steps of generating a self-signed SSL certificate in CentOS 7 using OpenSSL.

Why Use a Self-Signed Certificate?
Self-signed certificates are ideal for internal projects, development, or testing environments. They enable you to secure communications without needing to purchase a certificate from a Certificate Authority (CA). However, browsers won't trust these certificates by default and will show a warning. For internal purposes, this is perfectly fine.

Prerequisites

1. CentOS 7 system with root access.
2. OpenSSL and Apache installed.

You can install them with the following command:

sudo yum install mod_ssl openssl


Create a Directory for the Certificate

Create a directory to store the certificate and key:

sudo mkdir /etc/ssl/mycert
cd /etc/ssl/mycert

Step 1: Generate a Private Key

The first step is to create a private key, which the server will use to set up encrypted SSL connections.

sudo openssl genrsa -out mydomain.key 2048

Explanation:
This command generates a 2048-bit RSA private key named mydomain.key. This key will be used later to sign the certificate.
Note
When generating the private key, you can add the -des3 option to encrypt the key with a passphrase. This adds an extra layer of security.

sudo openssl genrsa -des3 -out mydomain.key 2048

You'll be prompted to set a passphrase. Every time you use the private key, you'll need to enter this passphrase.

Step 2: Create a Certificate Signing Request (CSR)

Next, you'll create a CSR, which contains information about your organization and the domain you're securing.

sudo openssl req -new -key mydomain.key -out mydomain.csr

You'll be prompted to enter information, such as:
- Country Name
- State
- City
- Organization
- Common Name (FQDN like www.example.com)
- Email
Explanation:
This CSR will later be used to create the self-signed certificate. The information provided is included in the certificate metadata.

Step 3: Generate the Self-Signed Certificate

Now, we use the CSR and private key to generate a self-signed certificate.

sudo openssl x509 -req -days 365 -in mydomain.csr -signkey mydomain.key -out mydomain.crt

Explanation:
The certificate is valid for 365 days and will be named mydomain.crt. This certificate, combined with the private key, will allow us to secure our server.
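
Before pointing Apache at the files, it is worth confirming that the key and the certificate belong together. The following is an added example, not code from the original post: it repeats Steps 1-3 non-interactively in a temporary directory and then checks the result. The function names make_cert and check_cert, the subject values, the 30-day expiry threshold and the use of GNU stat are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): Steps 1-3 run non-interactively,
# followed by checks worth doing before Apache is pointed at the files.
set -eu

# make_cert DIR NAME CN -> DIR/NAME.key, DIR/NAME.csr, DIR/NAME.crt
make_cert() {
    local dir=$1 name=$2 cn=$3
    # umask 077: the private key is created readable by its owner only.
    ( umask 077; openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null )
    # -subj supplies the Step 2 answers; the values are constructed samples.
    openssl req -new -key "$dir/$name.key" -out "$dir/$name.csr" \
        -subj "/C=US/ST=State/L=City/O=Example Org/CN=$cn"
    openssl x509 -req -days 365 -in "$dir/$name.csr" \
        -signkey "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# check_cert KEY CRT: prints the first problem found and returns 1, else 0.
check_cert() {
    local key=$1 crt=$2 kmod cmod
    # The RSA modulus of the key must equal the one in the certificate.
    kmod=$(openssl rsa  -noout -modulus -in "$key") || return 1
    cmod=$(openssl x509 -noout -modulus -in "$crt") || return 1
    [ "$kmod" = "$cmod" ] || { echo "key does not match certificate"; return 1; }
    # Self-signed: subject and issuer names hash to the same value.
    [ "$(openssl x509 -noout -subject_hash -in "$crt")" = \
      "$(openssl x509 -noout -issuer_hash  -in "$crt")" ] \
        || { echo "issuer differs from subject"; return 1; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -noout -checkend $((30 * 86400)) -in "$crt" >/dev/null \
        || { echo "expires within 30 days"; return 1; }
    # No group/other permission bits on the private key (GNU stat).
    case "$(stat -c %a "$key")" in
        *00) ;;
        *) echo "private key is readable by group or others"; return 1 ;;
    esac
    echo "ok"
}

# Demo in a throwaway directory so /etc/ssl/mycert is left untouched.
demo_dir=$(mktemp -d)
make_cert "$demo_dir" mydomain www.example.com
check_cert "$demo_dir/mydomain.key" "$demo_dir/mydomain.crt"
```

If the key was created with -des3, openssl rsa prompts for the passphrase during the check.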

Step 4: Configure Apache to Use the Certificate

To secure your web server, we need to configure Apache to use the newly created certificate.

Open the SSL configuration file:

sudo vim /etc/httpd/conf.d/ssl.conf

Locate and update the following lines:

SSLCertificateFile /etc/ssl/mycert/mydomain.crt
SSLCertificateKeyFile /etc/ssl/mycert/mydomain.key

Then save and exit.

Step 5: Restart Apache

Restart Apache to apply the changes and enable SSL.

sudo systemctl restart httpd


Step 6: Testing the SSL Certificate

Visit your website using https://your-domain.com. Since this is a self-signed certificate, your browser will display a warning. For testing and internal purposes, you can proceed.

curl -i https://www.sectom.com


Conclusion
Congratulations! You’ve successfully generated a self-signed SSL certificate on CentOS 7. This method is perfect for development, testing, or internal use. For production environments, you should obtain a certificate from a trusted CA to avoid browser warnings.

Feel free to ask questions or share your experiences in the comments!
