Overview
A self-signed certificate is an SSL certificate that has not been validated by a Certificate Authority (CA). That is what 'self-signed' means: the certificate is signed by its own creator rather than by a CA.
The level of encryption can be the same as any other certificate, but because it's not validated by a CA, the browser will display a warning when visiting the site. For this reason, these types of certificates are only recommended for internal use, on parts of your website that no visitor would ever see or come into contact with.
Browser warnings for self-signed certificates
Because a trusted authority did not sign it, browsers cannot trust it. It will still function normally, but visitors to your site will see either a 'connection is not secure' (Firefox) or 'connection is not private' (Chrome) warning.
If you want to attract visitors to your site, DO NOT use a self-signed certificate.
Creating a self-signed certificate
There are two options to create this type of certificate to use at DreamHost.
- Create it via SSH command line
- Third-party website
Creating a self-signed certificate via SSH
You can run these commands on a Linux or Mac computer; however, these instructions show how to log into your DreamHost web server to run the commands.
- Log into your DreamHost web server via SSH.
- Navigate into your user's home directory:
[server]$ cd ~
- Generate a new RSA private key by entering the following command.
[server]$ openssl genrsa -out Private.key 2048
- This creates a file named Private.key.
- Create the certificate using this new private key file.
[server]$ openssl req -new -x509 -key Private.key -out Certificate.crt -days 365
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
After running the command, you'll be asked for your site information to create a CSR. You can just press the Enter key through these options without entering anything since your browser will throw a warning for the Self-Signed certificate by default.
- Check to confirm both your private key and certificate have been created.
[server]$ ls -1 Certificate.crt Private.key
Now that the private key and certificate have been created, you can install them in your panel using the following article:
Using SSH, you can open the files to view their contents by running cat:
[server]$ cat Certificate.crt
[server]$ cat Private.key
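The steps above can also be run without the prompts and then checked, as in this added example (not DreamHost's own script): it creates the key and certificate using `-subj`, confirms the certificate carries the public key of Private.key, and confirms the key file is readable only by your user. The function names and the `example.test` host name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: non-interactive version of the steps above, plus checks.
# Function names and example.test are illustrative assumptions.

# Create Private.key and Certificate.crt in directory $1 for host name $2.
make_selfsigned() {
    # umask 077 in a subshell so the key is never group/world readable.
    ( umask 077; openssl genrsa -out "$1/Private.key" 2048 ) 2>/dev/null || return 1
    # -subj supplies the Distinguished Name, so no prompts appear.
    openssl req -new -x509 -key "$1/Private.key" -out "$1/Certificate.crt" \
        -days 365 -subj "/CN=$2" || return 1
}

# Succeed only if certificate $2 carries the public key of private key $1.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed if issuer and subject are identical, as in a self-signed certificate.
issuer_is_subject() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Print the permission string of a file, for example -rw-------
key_mode() {
    ls -l "$1" | cut -c1-10
}

# Demo in a throwaway directory (constructed input, nothing is installed).
demo=$(mktemp -d)
make_selfsigned "$demo" example.test
key_matches_cert "$demo/Private.key" "$demo/Certificate.crt" && echo "key matches certificate"
issuer_is_subject "$demo/Certificate.crt" && echo "issuer equals subject"
echo "Private.key mode: $(key_mode "$demo/Private.key")"
rm -rf "$demo"
```

Private.key is the secret half of the pair, so a mode other than -rw------- on a shared server is worth correcting before the key is installed.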
Creating a self-signed cert with an online website
There are several websites that allow you to create a self-signed certificate, such as the following:
Forcing your site to load HTTPS by default
Even after you have added the SSL certificate to your site, visitors will not be able to use it unless they manually type in https before your domain name. This defeats the purpose of adding it in the first place since the certificate is meant to protect all of your website traffic.
There are several ways to fix this. View the following article for instructions on how to create a configuration file to redirect all visitor traffic to the secure version of your URL (HTTPS):