How to Make a Self-Signed SSL Certificate

Updated , by Linode

Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Try this guide to receive $100 at signup on a new account.

This guide has been deprecated and is no longer being maintained.

Please refer to the updated version of this guide.

This guide explains the creation of a self-signed SSL certificate, suitable for personal use or for applications used internally in an organization. The end product may be used with SSL-capable software such as web servers, email servers, or other server systems. We assume that you’ve followed the steps outlined in our getting started guide, and that you’re logged into your Linode as root via a shell session.

Installing OpenSSL

Issue the following command to install required packages for OpenSSL, the open source SSL toolkit.

Debian/Ubuntu users:

apt-get update
apt-get upgrade
apt-get install openssl
mkdir /etc/ssl/localcerts

CentOS/Fedora users:

yum install openssl
mkdir /etc/ssl/localcerts

Creating a Self-Signed Certificate

As an example, we’ll create a certificate that might be used to secure a personal website that’s hosted with Apache. Issue the following commands:

openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/ssl/localcerts/ -keyout /etc/ssl/localcerts/
chmod 600 /etc/ssl/localcerts/*

Change in the above commands to correspond to the domain you are generating the certificate for

You will be asked for several configuration values. Enter values appropriate for your organization and server, as shown here. This example will create a certificate valid for 365 days; you may wish to increase this value. We’ve specified the FQDN (fully qualified domain name) of the Linode for the “Common Name” entry, as this certificate will be used for generic SSL service. The -nodes flag instructs OpenSSL to create a certificate that does not require a passphrase. If this option is omitted, you will be required to enter a passphrase on the console to unlock the certificate each time the server application using it is restarted (most frequently, this will happen when you reboot your Linode).

Next Steps

Once your certificate has been generated, you will need to configure your web server to utilize the new certificate. Instructions for doing so with several popular platforms can be found at the links below:

This page was originally published on

Your Feedback Is Important

Let us know if this guide made it easy to get the answer you needed.