Add a free self-signed SSL certificate

 

Overview

This article shows you how to create a self-signed SSL certificate.

Background

A self-signed certificate is an SSL certificate that has not been validated by a Certificate Authority (CA).

The level of encryption can be the same as any other certificate, but because it's not validated by a CA, the browser displays a warning when visiting the site. For this reason, these types of certificates are only recommended for internal use on websites that are not publicly accessible. 

Do not use a self-signed certificate if your intention is to attract visitors to your site.

How to create a self-signed certificate

You can create a self-signed certificate by either using SSH commands or a third-party website.

Using SSH

These instructions create a certificate on your DreamHost web server.

  1. Log in to your DreamHost web server via SSH.
  2. Navigate into your user's home directory:
    [server]$ cd ~
  3. Generate a new RSA private key by entering the following command:
    [server]$ openssl genrsa -out Private.key 2048
    This creates a file named Private.key.
  4. Create the certificate (named Certificate.crt) using this new private key file:
    [server]$ openssl req -new -x509 -key Private.key -out Certificate.crt -days 365

    After running the command, you're prompted for your site information to create a CSR. You can simply click the Enter key through each prompt since your browser will throw a warning for the Self-Signed certificate by default.

  5. Check to confirm both your private key and certificate have been created:
    [server]$ ls -1
    Certificate.crt
    Private.key

After you create the private key and certificate, you can install them in your panel using these instructions. Open the files to view their contents by running the cat command:

[server]$ cat Certificate.crt
[server]$ cat Private.key

Using a third-party website

There are several websites that allow you to create a self-signed certificate within them, such as this one.

Forcing your site to load HTTPS by default

Even after you add a self-signed certificate to your site, visitors will not use the secure URL unless they manually type in HTTPS before your domain name.

To resolve this, follow the instructions in this article to create a custom configuration file that redirects all traffic to the secure version of your URL (HTTPS).

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?