Web browsers do not see self-signed certificates as valid. That’s why when you browse to a host using self-signed certificates with any web browser, you’ll be prompted with a warning that the certificate can not be trusted. Most self-signed certificates are specifically created to use internally or in a development environment. Websites or applications on the public internet do not use self-signed certificates because they can’t be trusted by major web browsers. If you’re a student or new user learning Linux, the easiest place to start learning is on Ubuntu Linux. Ubuntu is the modern, open-source Linux operating system for desktops, servers, and other devices. To get started with creating self-signed certificates on Ubuntu Linux, follow the steps below.

How to create self-signed certificates on Ubuntu Linux

To generate an SSL/TLS certificate on Ubuntu, the OpenSSL toolkit is required. This tool is usually installed on Ubuntu Linux by default. If not, run the commands below to install it on Ubuntu. To create a new Self-Signed SSL Certificate, use the openssl req command. Below is the command to generate an SSL/TLS certificate for the example.com domain. The command details are as followed:

-newkey rsa:2048 – creates a new certificate request and 2048 bit RSA key. -x509 – creates a X.509 certificate. -sha256 – use 265-bit SHA (Secure Hash Algorithm) to create the certificate -days 365 – the number of days to certify the certificate for. Typically a year or more -nodes – creates a key without a passphrase. -out example.crt – specifies the filename to write the newly created certificate to -keyout example.key – specifies the filename to write the private key to.

Once you press ENTER, the command will generate a private key and prompt you with a series of questions to use to generate the certificate. You’ll provide these answers similar to the ones below. Replace details with your own that represent the certificate you’re generating. After that, two files (example.crt and example.key) will be created in the directory you ran the command. Use these files in your Nginx or Apache setup to enable HTTPS connections. That should do it. Conclusion: This post showed you how to create self-signed SSL/TLS certificates on Ubuntu Linux. If you find any error above or have something to add, please use the comment form below.