
Steps to create Self-Signed SSLs

Now that we have created our CA private and public key files, we will create another pair of public and private key files and sign them using our CA files. Follow the steps below:

Generating Self-Signed SSLs:

We now need to create the private key file of our SSL certificate. To do this, enter the following:

openssl genrsa -out cert-key.pem 4096

This will output a file called cert-key.pem, which is the private key file of our SSL certificate.

We now create what is known as a Certificate Signing Request (CSR) file, which the CA files will sign to produce the public key file for the SSL certificate. To do this, enter the following command:

In "/CN=yourcn", replace yourcn with any name you fancy, for example FirstNameInitialLastnameInitial Certificate Authority

openssl req -new -sha256 -subj "/CN=yourcn" -key cert-key.pem -out cert.csr

We now need to create a file that contains the domains and IP addresses we want to create the SSL certificate for:

echo "subjectAltName=DNS:kvis.network,DNS:*.kvis.network,IP:192.168.3.250" >> extfile.cnf

You can enter as many DNS entries as you want. The *.kvis.network entry is a wildcard domain, so anything.kvis.network will work. If you want something.anything.kvis.network to be authenticated with this SSL, you need to add an entry like so: "DNS:*.anything.kvis.network". I would recommend creating wildcard SSLs, so you don't have to create a new SSL every time you want to create an SSL for a service.

This is the step where you create the public key file of the SSL certificate:

openssl x509 -req -sha256 -days 365 -in cert.csr -CA ca.pem -CAkey ca-key.pem -out cert.pem -extfile extfile.cnf -CAcreateserial

You will be prompted to enter a passphrase. Enter the passphrase you used to secure your CA private key file.

This will output a file called cert.pem which is the public key file of this certificate and has also been signed by your CA.
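To confirm the result, the script below repeats the steps above and then checks that cert.pem chains to the CA and which names its subjectAltName list covers. It is an added example, not part of the original guide; the function names and the passphrase-less demo CA are assumptions made so it runs unattended in a temporary directory.

```bash
# Added example. The demo CA is a constructed, passphrase-less stand-in for
# ca.pem / ca-key.pem; with your real CA, skip make_demo_ca and use your files.

make_demo_ca() {  # make_demo_ca <dir>
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=Demo CA (constructed)" \
        -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null
}

issue_cert() {  # issue_cert <dir> <cn> <subjectAltName value>; same commands as above
    ( cd "$1" || exit 1
      openssl genrsa -out cert-key.pem 4096 2>/dev/null &&
      openssl req -new -sha256 -subj "/CN=$2" -key cert-key.pem -out cert.csr &&
      echo "subjectAltName=$3" > extfile.cnf &&   # overwrite, so a rerun starts clean
      openssl x509 -req -sha256 -days 365 -in cert.csr -CA ca.pem -CAkey ca-key.pem \
          -out cert.pem -extfile extfile.cnf -CAcreateserial 2>/dev/null )
}

chain_ok() {  # chain_ok <dir>: exit 0 if cert.pem verifies against ca.pem
    openssl verify -CAfile "$1/ca.pem" "$1/cert.pem" >/dev/null 2>&1
}

covers() {  # covers <cert> host|ip <name>: exit 0 if the certificate matches the name
    case "$2" in
        host) openssl x509 -in "$1" -noout -checkhost "$3" ;;
        ip)   openssl x509 -in "$1" -noout -checkip "$3" ;;
    esac | grep -q "does match certificate"
}

work=$(mktemp -d)
make_demo_ca "$work" &&
    issue_cert "$work" "yourcn" "DNS:kvis.network,DNS:*.kvis.network,IP:192.168.3.250"
chain_ok "$work" && echo "chain: OK" || echo "chain: FAILED"

# A wildcard covers exactly one label, so the two-level name is not covered.
for name in kvis.network anything.kvis.network something.anything.kvis.network; do
    if covers "$work/cert.pem" host "$name"; then
        echo "$name: covered"
    else
        echo "$name: NOT covered"
    fi
done
covers "$work/cert.pem" ip 192.168.3.250 && echo "192.168.3.250: covered"
```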