This is a simple script that will generate a self signed certificate. This certificate can be used with a web server that will serve up SSL encrypted web pages. Then viewed with a web browser the browser will complain that the certificate is self signed. Click on buttons to say that you accept the risk. A configuration file is needed, this has a .cnf suffix. A couple of examples are given. This config file must be tweaked to describe your organisation & web site. The parameters to tweak are: countryName= UK stateOrProvinceName= Hertfordshire localityName= My Town organizationName= Some Organisation organizationalUnitName= Some Department commonName= www.example.com emailAddress= email@example.com THE important one is commonName - which must match server name in the web server config. The others, put whatever you want. The certificate can be generated for multiple sites. If you want this tweak the parameters at the end of the EXAMPLE.cnf in the "alt_names" section. If you do not want this then comment out: subjectAltName [ alt_names ] DNS.1, etc The script will let you view certificate files, use the --help option to find out how. Put the generated files somewhere that can be accessed by the web server, eg: /etc/apache/certificates/ IMPORTANT: the .key files are precious, they should not be generally readable. Putting them in a different directory (that is protected) than the signed certificates can help avoid security errors. Apache config example: SSLCertificateFile /etc/apache/certificates/public/my-site.crt SSLCertificateKeyFile /etc/apache/certificates/private/my-site.key Nginx config example: ssl_certificate /etc/nginx/certificates/public/my-site.crt; ssl_certificate_key /etc/nginx/certificates/private/my-site.key; To use this script you need to have installed: ksh and openssl. This script is released under the GPL, version 3 or later, see: https://www.gnu.org/licenses/gpl-3.0.html Alain D D Williams <firstname.lastname@example.org> January 2024
Return to this tutorial index.