Linux : How to generate SSL certificate key pair

By | December 3, 2011

Here are the few steps to generate the private key, the certificate signing request and a self-signed certificate, and to get rid of the passphrase prompt when starting your application.

Okay, let’s start. Go to the directory where you want to store your certificate files. This example assumes your common name (i.e. the host name) is “secure.certificate.tld”.

First, create a private key:

Second, create a certificate signing request (known as a CSR):

Almost done. You may now provide the CSR to your Certificate Authority (CA) to obtain your certificate. You may also generate a self-signed certificate if you do not need to purchase one. Using a self-signed certificate is absolutely secure as far as encryption goes, but because it is not signed by a CA that browsers trust, a warning will be displayed to your visitors that the certificate is not valid. That’s why it’s not appropriate for online sales.

Now, you may notice that every time you start your application (the one that uses your certificate), it asks for the passphrase before starting. You can get rid of the passphrase with the following steps.

First, back up the key file:

Then, remove the passphrase:

For more security, make sure the key file is only readable by root:
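The whole procedure above as one script, added here as an example and not taken from the original post. Assumptions: the `make_pair` and `strip_passphrase` function names, the 2048-bit RSA key size, the AES-256 key encryption, the 365-day validity, and reading the passphrase from a `KEY_PASS` environment variable so the run is unattended.

```shell
#!/bin/sh
# Added example: key pair, CSR, self-signed certificate, then passphrase removal.
# The passphrase comes from the KEY_PASS environment variable (an assumption so
# the script runs unattended); drop -passout/-passin to be prompted instead.
set -eu
umask 077   # every file created below starts out owner-only

# make_pair CN DIR: encrypted private key, CSR and 365-day self-signed certificate
make_pair() {
    cn=$1; dir=$2
    openssl genrsa -aes256 -passout env:KEY_PASS -out "$dir/$cn.key" 2048
    openssl req -new -key "$dir/$cn.key" -passin env:KEY_PASS \
        -subj "/CN=$cn" -out "$dir/$cn.csr"
    # Send the .csr to a CA, or self-sign it with the same key:
    openssl x509 -req -days 365 -in "$dir/$cn.csr" -signkey "$dir/$cn.key" \
        -passin env:KEY_PASS -out "$dir/$cn.crt"
}

# strip_passphrase CN DIR: keep the encrypted key as .key.bak, write a clear key
strip_passphrase() {
    cn=$1; dir=$2
    cp -p "$dir/$cn.key" "$dir/$cn.key.bak"
    openssl rsa -in "$dir/$cn.key.bak" -passin env:KEY_PASS -out "$dir/$cn.key"
    chmod 400 "$dir/$cn.key"    # as root on a server, also: chown root:root
}

# Constructed demo run in a scratch directory with a throwaway passphrase.
KEY_PASS='constructed-demo-passphrase'; export KEY_PASS
DEMO_CN=secure.certificate.tld
DEMO_DIR=$(mktemp -d)
make_pair "$DEMO_CN" "$DEMO_DIR"
strip_passphrase "$DEMO_CN" "$DEMO_DIR"
ls -l "$DEMO_DIR"
```

After the passphrase is removed, the file permissions are the only thing protecting the key, so keep the encrypted `.key.bak` copy for backups rather than the clear key.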
