How to Make a Self-Signed SSL Certificate

Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Deprecated

This guide has been deprecated and is no longer being maintained.

Please refer to the updated version of this guide.

Create a Linode account to try this guide with a $ credit.
This credit will be applied to any valid services used during your first  days.

This guide explains the creation of a self-signed SSL certificate, suitable for personal use or for applications used internally in an organization. The end product may be used with SSL-capable software such as web servers, email servers, or other server systems. We assume that you’ve followed the steps outlined in our Setting Up and Securing a Compute Instance, and that you’re logged into your Linode as root via a shell session.

Installing OpenSSL

Issue the following command to install required packages for OpenSSL, the open source SSL toolkit.

Debian/Ubuntu users:

apt-get update
apt-get upgrade
apt-get install openssl
mkdir /etc/ssl/localcerts

CentOS/Fedora users:

yum install openssl
mkdir /etc/ssl/localcerts

Creating a Self-Signed Certificate

As an example, we’ll create a certificate that might be used to secure a personal website that’s hosted with Apache. Issue the following commands:

openssl req -new -x509 -sha256 -days 365 -nodes -out /etc/ssl/localcerts/example.com.crt -keyout /etc/ssl/localcerts/example.com.key
chmod 600 /etc/ssl/localcerts/example.com*

Change example.com in the above commands to correspond to the domain you are generating the certificate for

You will be asked for several configuration values. Enter values appropriate for your organization and server, as shown here. This example will create a certificate valid for 365 days; you may wish to increase this value. We’ve specified the FQDN (fully qualified domain name) of the Linode for the “Common Name” entry, as this certificate will be used for generic SSL service. The -nodes flag instructs OpenSSL to create a certificate that does not require a passphrase. If this option is omitted, you will be required to enter a passphrase on the console to unlock the certificate each time the server application using it is restarted (most frequently, this will happen when you reboot your Linode).

Next Steps

Once your certificate has been generated, you will need to configure your web server to utilize the new certificate. Instructions for doing so with several popular platforms can be found at the links below:

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This page was originally published on


Your Feedback Is Important

Let us know if this guide was helpful to you.


Join the conversation.
Read other comments or post your own below. Comments must be respectful, constructive, and relevant to the topic of the guide. Do not post external links or advertisements. Before posting, consider if your comment would be better addressed by contacting our Support team or asking on our Community Site.