This is a simple script that will generate a self-signed certificate. This certificate can be used with a web server that will serve up SSL encrypted web pages. When viewed with a web browser, the browser will complain that the certificate is self-signed. Click on buttons to say that you accept the risk.

A configuration file is needed; this has a .cnf suffix. A couple of examples are given. This config file must be tweaked to describe your organisation & web site. The parameters to tweak are:

    countryName= UK
    stateOrProvinceName= Hertfordshire
    localityName= My Town
    organizationName= Some Organisation
    organizationalUnitName= Some Department
    commonName= www.example.com
    emailAddress= bofh@example.com

THE important one is commonName - which must match the server name in the web server config. For the others, put whatever you want.

The certificate can be generated for multiple sites. If you want this, tweak the parameters at the end of the EXAMPLE.cnf in the "alt_names" section. If you do not want this then comment out:

    subjectAltName
    [ alt_names ]
    DNS.1, etc

The script will let you view certificate files; use the --help option to find out how.

Put the generated files somewhere that can be accessed by the web server, e.g.:

    /etc/apache/certificates/

IMPORTANT: the .key files are precious, they should not be generally readable. Putting them in a different (protected) directory from the signed certificates can help avoid security errors.

Apache config example:

    SSLCertificateFile /etc/apache/certificates/public/my-site.crt
    SSLCertificateKeyFile /etc/apache/certificates/private/my-site.key

Nginx config example:

    ssl_certificate /etc/nginx/certificates/public/my-site.crt;
    ssl_certificate_key /etc/nginx/certificates/private/my-site.key;

To use this script you need to have installed: ksh and openssl.

This script is released under the GPL, version 3 or later, see: https://www.gnu.org/licenses/gpl-3.0.html

Alain D D Williams <addw@phcomp.co.uk> January 2024
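One way to check the advice above about protecting .key files, as an added example that is not part of the author's script: it reports keys with group/other permission bits, key directories open to other users, and keys stored beside .crt files. The function names and finding labels are hypothetical, and the public/ and private/ layout is assumed from the Apache and Nginx examples.

```shell
#!/bin/sh
# Added example: audit a certificate tree for exposed private keys.
# Function names and finding labels are hypothetical, not from the
# original script. Assumes file names contain no newlines.

# Print one finding per line for every *.key file below directory $1.
audit_keys() {
    find "$1" -type f -name '*.key' | while IFS= read -r key; do
        dir=$(dirname "$key")
        # Characters 5-10 of the ls mode string are the group and other bits.
        key_bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$key_bits" != "------" ]; then
            echo "KEY_PERMS $key ($key_bits): group/other access, chmod 600"
        fi
        # Characters 8-10 are the "other" bits of the directory holding the key.
        dir_bits=$(ls -ld "$dir" | cut -c8-10)
        if [ "$dir_bits" != "---" ]; then
            echo "DIR_PERMS $dir ($dir_bits): open to other users, chmod o-rwx"
        fi
        # The page recommends keeping keys apart from the signed certificates.
        if ls "$dir"/*.crt >/dev/null 2>&1; then
            echo "MIXED_DIR $dir: key stored beside .crt files"
        fi
    done
    return 0
}

# Exit status 0 only when audit_keys reports nothing.
keys_are_safe() {
    [ -z "$(audit_keys "$1")" ]
}

# Usage: audit_keys /etc/apache/certificates
```

A directory finding is repeated once per key found in that directory.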