Overview
This article shows you how to create a self-signed SSL certificate.
Background
A self-signed certificate is an SSL certificate that has not been validated by a Certificate Authority (CA).
The level of encryption can be the same as any other certificate, but because it's not validated by a CA, the browser displays a warning when visiting the site. For this reason, these types of certificates are only recommended for internal use on websites that are not publicly accessible.
Do not use a self-signed certificate if your intention is to attract visitors to your site.
How to create a self-signed certificate
You can create a self-signed certificate by either using SSH commands or a third-party website.
Using SSH
These instructions create a certificate on your DreamHost web server.
- Log in to your DreamHost web server via SSH.
- Navigate into your user's home directory:
[server]$ cd ~
- Generate a new RSA private key by entering the following command:
[server]$ openssl genrsa -out Private.key 2048
- This creates a file named Private.key.
- Create the certificate (named Certificate.crt) using this new private key file:
[server]$ openssl req -new -x509 -key Private.key -out Certificate.crt -days 365
After running the command, you're prompted for the site information that normally goes into a CSR. You can simply press the Enter key through each prompt, since your browser shows a warning for a self-signed certificate by default.
- Check to confirm both your private key and certificate have been created:
[server]$ ls -1 Certificate.crt Private.key
After you create the private key and certificate, you can install them in your panel using these instructions. Open the files to view their contents by running the cat command:
[server]$ cat Certificate.crt
[server]$ cat Private.key
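The SSH steps above as one non-interactive script, followed by checks that the key and certificate belong together, that the certificate is self-signed and unexpired, and that the key file is readable only by its owner. This is an added example, not DreamHost's own code; the hostname internal.example.test and the function names make_selfsigned and check_pair are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not DreamHost's own script. The hostname and the function
# names are assumptions; the file names match the article's steps.

# Generate Private.key and Certificate.crt in directory $2 for hostname $1.
# Runs in a subshell so the umask change does not leak into the caller.
make_selfsigned() (
    host="$1"; dir="$2"
    umask 077    # new files are readable by the owner only
    openssl genrsa -out "$dir/Private.key" 2048 2>/dev/null || exit 1
    # -subj answers the interactive prompts up front
    openssl req -new -x509 -key "$dir/Private.key" \
        -out "$dir/Certificate.crt" -days 365 -subj "/CN=$host" || exit 1
)

# Return 0 only if the key and certificate belong together, the certificate's
# issuer equals its subject, it is unexpired, and the key is owner-only.
check_pair() {
    key="$1"; crt="$2"
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] || { echo "key does not match certificate"; return 1; }

    subject=$(openssl x509 -in "$crt" -noout -subject)
    issuer=$(openssl x509 -in "$crt" -noout -issuer)
    [ "${subject#subject=}" = "${issuer#issuer=}" ] || { echo "not self-signed"; return 1; }

    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || { echo "expired"; return 1; }

    # Characters 5-10 of the ls -l mode string are the group and other bits.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || { echo "key permissions too open"; return 1; }

    # SHA-256 fingerprint that internal users can compare against the
    # certificate shown on the browser warning page.
    openssl x509 -in "$crt" -noout -fingerprint -sha256
}

# Demo in a throwaway directory (constructed hostname).
demo_dir=$(mktemp -d)
make_selfsigned internal.example.test "$demo_dir" &&
    check_pair "$demo_dir/Private.key" "$demo_dir/Certificate.crt"
rm -rf "$demo_dir"
```
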
Using a third-party website
There are several websites that allow you to create a self-signed certificate within them, such as this one.
Forcing your site to load HTTPS by default
Even after you add a self-signed certificate to your site, visitors will not use the secure URL unless they manually type in HTTPS before your domain name.
To resolve this, follow the instructions in this article to create a custom configuration file that redirects all traffic to the secure version of your URL (HTTPS).