Posted By: Anonymous
I’m adding HTTPS support to an embedded Linux device. I have tried to generate a self-signed certificate with these steps:
openssl req -new > cert.csr openssl rsa -in privkey.pem -out key.pem openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001 cat key.pem>>cert.pem
This works, but I get some errors with, for example, Google Chrome:
This is probably not the site you are looking for!
The site’s security certificate is not trusted!
Am I missing something? Is this the correct way to build a self-signed certificate?
You can do that in one command:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
You can also add
-nodes (short for
no DES) if you don’t want to protect your private key with a passphrase. Otherwise it will prompt you for “at least a 4 character” password.
days parameter (365) you can replace with any number to affect the expiration date. It will then prompt you for things like “Country Name”, but you can just hit Enter and accept the defaults.
-subj '/CN=localhost' to suppress questions about the contents of the certificate (replace
localhost with your desired domain).
Self-signed certificates are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a certificate authority (CA).