Create Self Signed SSL Certificate – CentOS and RHEL

by | Dec 7, 2015 | RHEL / CentOS

This article walks through creating a custom self-signed SSL certificate. You need root access to the host. An SSL certificate secures access to a website or any Apache-based web UI you use, including Nagios and Cacti.

First, generate the custom certificate files. This means creating three files:

  1. File1*.key
  2. File2*.csr
  3. File3*.crt

Then generate the SSL certificate files in “/etc/pki/tls/”:

# cd /etc/pki/tls
# openssl genrsa -out test-server.hm.local.key 2048
# openssl req -new -key test-server.hm.local.key -out test-server.hm.local.csr

Output

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:GB
State or Province Name (full name) []:State
Locality Name (eg, city) [Default City]:NewCity
Organization Name (eg, company) [Default Company Ltd]:Vizio Ltd.
Organizational Unit Name (eg, section) []:DEV
Common Name (eg, your name or your server's hostname) []:Nagios and Cacti Server
Email Address []:admin@vizio.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:Vizio Ltd

Then sign the CSR with the same key to produce the self-signed certificate, valid for 1095 days:

# openssl x509 -req -days 1095 -in test-server.hm.local.csr -signkey test-server.hm.local.key -out test-server.hm.local.crt

Then move the key, CSR and certificate into the TLS directories on the host:

# mv test-server.hm.local.crt /etc/pki/tls/certs/
# mv test-server.hm.local.key /etc/pki/tls/private/
# mv test-server.hm.local.csr /etc/pki/tls/private/

Point Apache at the newly generated certificate and key by editing “ssl.conf”.

NOTE: If there is no “ssl.conf”, install the openssl and mod_ssl packages first (ssl.conf is provided by mod_ssl).

# yum -y install openssl openssl-devel mod_ssl

# vi /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/test-server.hm.local.crt
SSLCertificateKeyFile /etc/pki/tls/private/test-server.hm.local.key

Lastly, restart the Apache service so the new certificate is picked up:

# service httpd restart
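
The key, CSR and certificate steps above as a non-interactive script, with two checks to run before pointing ssl.conf at the files. This is an added example, not part of the original article; the function names, the generated .cnf file and the subjectAltName entry are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are assumptions.

# make_selfsigned DIR HOST: write HOST.key, HOST.csr and HOST.crt into DIR.
make_selfsigned() {
    dir=$1; host=$2
    # Create the private key under umask 077 so only its owner can read it.
    ( umask 077; openssl genrsa -out "$dir/$host.key" 2048 ) || return 1
    # Request config: prompt=no replaces the interactive DN questions.
    # The hostname goes into CN and subjectAltName (the SAN is an assumption
    # added here; current browsers match names against the SAN, not the CN).
    cat > "$dir/$host.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $host
[san]
subjectAltName = DNS:$host
EOF
    openssl req -new -key "$dir/$host.key" -config "$dir/$host.cnf" \
        -out "$dir/$host.csr" || return 1
    openssl x509 -req -days 1095 -in "$dir/$host.csr" \
        -signkey "$dir/$host.key" -extfile "$dir/$host.cnf" -extensions san \
        -out "$dir/$host.crt"
}

# key_matches_cert KEY CRT: succeed only if CRT carries KEY's public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# is_self_signed CRT: succeed only if the subject and issuer names are equal.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer) || return 1
    [ "${s#subject=}" = "${i#issuer=}" ]
}
```

Running key_matches_cert against the paths named in SSLCertificateKeyFile and SSLCertificateFile before the restart catches a mismatched pair, which mod_ssl refuses to start with.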
