
Generate a self-signed TLS/SSL certificate


David Y.

The Problem

How can I generate a self-signed SSL certificate in Linux?

The Solution

We can do this using the openssl toolkit. This should be installable using your distribution’s package manager and is likely to be already installed on your system.

First, we generate a private key for the certificate. The command below writes a 2048-bit RSA private key to the file priv.key. The key is stored unencrypted, so keep the file readable only by the account that needs it:

openssl genrsa -out priv.key 2048

Next, we use the private key to generate our certificate. The command below will generate a self-signed certificate valid for 365 days to the file cert.crt:

openssl req -new -x509 -key priv.key -out cert.crt -days 365

When running this command, you will be prompted to enter certificate information, such as country, state, and organization name. This information will go into the certificate’s subject field.

Depending on the certificate’s intended use case, we may also need to generate a PEM file containing both the private key and the certificate. Because this file includes the private key, it needs the same protection as priv.key. We can create it with the following command:

cat priv.key cert.crt > combined.pem

Finally, we can inspect the certificate with this command, which prints its decoded contents, including the information we entered when generating it:

openssl x509 -in cert.crt -text -noout
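
The same steps as a non-interactive script, followed by the checks worth running on the result. This is an added example, not part of the original answer. The function names, the host name dev.example.test, and the use of -subj and -addext (which needs OpenSSL 1.1.1 or later) are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: make_selfsigned, key_matches_cert,
# is_self_signed, valid_for_days, and the host "dev.example.test".
# Usage: make_selfsigned /some/dir dev.example.test

# Create priv.key, cert.crt and combined.pem in directory $1 for host $2.
make_selfsigned() {
    dir=$1 host=$2
    (
        umask 077                      # every file created here is mode 0600
        cd "$dir" || exit 1
        openssl genrsa -out priv.key 2048 2>/dev/null || exit 1
        # -subj answers the subject prompts; -addext adds the subjectAltName
        # that current TLS clients use for host name matching.
        openssl req -new -x509 -key priv.key -out cert.crt -days 365 \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" || exit 1
        cat priv.key cert.crt > combined.pem
    )
}

# Succeeds only if the public key in certificate $2 belongs to private key $1.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl dgst -sha256)
    c=$(openssl x509 -in "$2" -noout -pubkey | openssl dgst -sha256)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if certificate $1 verifies with itself as the only trust anchor,
# which is what "self-signed" means: no third party vouches for the subject.
is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Succeeds if certificate $1 will still be valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}
```

key_matches_cert is the check to run before deploying a key and certificate pair, and valid_for_days can be scheduled to warn before the 365-day lifetime runs out.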

Note that self-signed certificates are not generally considered appropriate for use on public websites. Although a self-signed certificate allows the connection between a server and client to be encrypted with TLS, it provides no verification of the server’s identity, as anyone can generate a self-signed certificate with any subject. For public websites, we should instead use a certificate issued by a Certificate Authority, such as Let’s Encrypt, which provides trusted certificates free of charge, facilitated by an automated domain verification process.


© 2024 • Sentry is a registered Trademark of Functional Software, Inc.