How to create a self-signed certificate with OpenSSL

Question

I am trying to add HTTPS support to the embedded Linux device. I tried to generate the self-signed certificate by using the steps:

openssl req -new > cert.csr

openssl rsa -in privkey.pem -out key.pem

openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001

cat key.pem>>cert.pem

It is working, but It is giving some errors. for example, 

Google Chrome:

This is probably not the site you are looking for!

The site's security certificate is not trusted!

Kindly help me.

Answer 1

You can do that in one command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

You will need to add -nodes if you don't want to protect your private key with any passphrase. else, it will prompt you telling "at least for 4 character" password.

You need to replace it with a number to affect an expiration date. It will then prompt it for things like "Country Name", but you can just hit Enter and receive the defaults.

Add -subj '/CN=localhost'  #to suppress questions about the contents of the certificate.

Self-signed certificates are not validated with any 3rd party unless you import them to the browsers previously. If you want more security, you can use the certificate signed by a certificate authority (CA).

To know about Linux join the Linux training