Have you ever verified that your site runs securely? Here is a tip: if your site is served over https, the connection is secured; if not, it is time to enable https for your site using an SSL certificate.

In this article we will see how to create an SSL certificate that will help to keep our site secure.

What is an SSL Certificate:

    SSL stands for Secure Sockets Layer. It enables encrypted communication between browsers (e.g. Chrome, Firefox, Safari) and web servers (e.g. Apache, Nginx). This helps to secure personal information such as passwords, emails and credit card numbers. To achieve a secure connection, an SSL certificate is required.

Functions of an SSL Certificate:

    An SSL certificate authenticates the identity of the server, so users know that they are not sending their information to the wrong server.
    An SSL certificate is used to encrypt the data being transmitted.

    Securing your application with an SSL certificate is important.

    An SSL certificate issued by a CA (Certificate Authority) is called a trusted certificate. Some of the Certificate Authorities are DigiCert, Symantec and Thawte.
    We can also use a self-signed certificate, which is totally free. Because no CA has signed it, browsers do not trust it by default and will show a warning to visitors.

    OpenSSL is a command-line tool for working with the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols.

The openssl package is usually installed by default. If you need to install it manually, use the commands below.

For RPM based machines,

$ yum install openssl openssl-devel

For Debian based machines,

$ apt-get install openssl

Creating a Private key:

Create a private key using the below command,

$ openssl genrsa -des3 -out ljunix.key 2048

    The above command generates a 2048 bit RSA private key. After executing the command you will be asked for a pass-phrase.
    If you want to create a key without the pass-phrase you can remove the (-des3) from the command.

jhony@ljunix~$ openssl genrsa -des3 -out ljunix.key 2048
Generating RSA private key, 2048 bit long modulus
....................................................+++
.........................+++
unable to write 'random state'
e is 65537 (0x10001)
Enter pass phrase for ljunix.key:
Verifying - Enter pass phrase for ljunix.key:

jhony@ljunix~$ ls
ljunix.key

Creating a CSR:

    A certificate signing request (CSR) contains information (e.g. common name, organization, country). It also contains the public key that will be included in your certificate and is signed with the corresponding private key. To generate a CSR you need the private key.

$ openssl req -new -key ljunix.key -out ljunix.csr

    The above command generates a CSR (Certificate Signing Request) and asks for the details of your organisation.

jhony@ljunix~$ openssl req -new -key ljunix.key -out ljunix.csr
Enter pass phrase for ljunix.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Texas
Locality Name (eg, city) []:Dallas
Organization Name (eg, company) [Internet Widgits Pty Ltd]:LJUnix World
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:ljunix.com
Email Address []:me@ljunix.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:****
An optional company name []:

jhony@ljunix~$ ls
ljunix.csr ljunix.key

    If you want to purchase an SSL certificate from a Certificate Authority (CA), you have to provide the CSR to them so that they can generate the certificate.

Creating the Certificate:

Run the below command to create your public certificate, which will be valid for 365 days. You need the private key and the CSR to create your certificate.

$ openssl x509 -req -days 365 -in ljunix.csr -signkey ljunix.key -out ljunix.crt

jhony@ljunix~$ openssl x509 -req -days 365 -in ljunix.csr -signkey ljunix.key -out ljunix.crt
Signature ok
subject=/C=US/ST=Texas/L=Dallas/O=LJUnix World/OU=IT/CN=ljunix.com/emailAddress=me@ljunix.com
Getting Private key
Enter pass phrase for ljunix.key:

jhony@ljunix~$ ls
ljunix.crt ljunix.csr ljunix.key

Done. You have successfully created a self-signed certificate for your domain. Now you can install the certificate on your web server to make your site secure.
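
Before installing the files, it is worth checking that the key, the CSR and the certificate actually belong together. The script below is an added example, not part of the original article: it repeats the three steps non-interactively (no pass-phrase, subject passed with -subj) and then compares the public keys, the issuer and subject, and the expiry. The file names site.key, site.csr and site.crt and the subject values are assumptions made for the example.

```shell
#!/bin/sh
# Added example. File names and subject values are constructed samples.

# Steps 1-3 of the article, non-interactive (no -des3, so no pass-phrase).
make_selfsigned() {   # $1 = output directory, $2 = common name
    openssl genrsa -out "$1/site.key" 2048 2>/dev/null || return 1
    chmod 600 "$1/site.key"          # private key readable by owner only
    openssl req -new -key "$1/site.key" -subj "/C=US/O=Example/CN=$2" \
        -out "$1/site.csr" || return 1
    openssl x509 -req -days 365 -in "$1/site.csr" -signkey "$1/site.key" \
        -out "$1/site.crt" 2>/dev/null
}

# SHA-256 of the DER public key held in a key, CSR or certificate file.
pubkey_hash() {       # $1 = key|csr|crt, $2 = file
    pem=$(case "$1" in
        (key) openssl pkey -in "$2" -pubout ;;
        (csr) openssl req  -in "$2" -noout -pubkey ;;
        (crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null)
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Prints "ok", or the first failed check, for the files in directory $1.
check_selfsigned() {
    k=$(pubkey_hash key "$1/site.key"); r=$(pubkey_hash csr "$1/site.csr")
    c=$(pubkey_hash crt "$1/site.crt")
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ] ||
        { echo "key mismatch"; return 1; }
    s=$(openssl x509 -in "$1/site.crt" -noout -subject | sed 's/^[a-z]*= *//')
    i=$(openssl x509 -in "$1/site.crt" -noout -issuer  | sed 's/^[a-z]*= *//')
    [ "$s" = "$i" ] || { echo "issuer differs from subject"; return 1; }
    # -checkend N fails if the certificate expires within N seconds (30 days)
    openssl x509 -in "$1/site.crt" -noout -checkend 2592000 >/dev/null ||
        { echo "expires soon"; return 1; }
    echo ok
}

# Demo run in a throwaway directory; prints "ok" when all checks pass.
demo=$(mktemp -d) && make_selfsigned "$demo" ljunix.com &&
    check_selfsigned "$demo"; rm -rf "$demo"
```

For a key created with -des3 as in the article, the key step of the check will not read the key without its pass-phrase, so run it against an unencrypted copy or adapt pubkey_hash to supply the pass-phrase.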

Feel free to ask if you have any questions.
