Generate Self Signed Certificate

Last Updated on Wednesday 5th Oct 2022

Create Self Signed Certificate

  • OpenSSL Create Self Signed Certificate.
  • OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end.
  • It's easy to create a self-signed certificate.
  • You just use the openssl req command.
  • It can be tricky to create one that can be consumed by the largest selection of clients, like browsers and command line tools.
  • Use the following command to generate a self-signed certificate and enter a passphrase when prompted.

OpenSSL Self Signed Certificate

Generate a private key

  • A private key helps to enable encryption and is the most important component of our certificate.

Use the following command to generate a private key with ECDSA:

			
					openssl ecparam -genkey -name prime256v1 | openssl ec -out private.key

			
	

A response similar to this one should be displayed:

			
					read EC key
					writing EC key

			
	

Generate SSL Certificate

Alternatively, use the following command to generate a private ECDSA key protected by a password.

			
					openssl ecparam -genkey -name prime256v1 | openssl ec -aes256 -out private.key -passout pass:PASSWORD

			
	

Use the following command to generate a private key with RSA:

			
					openssl genrsa -out private.key 2048

			
	

A response similar to this one should be displayed:

			
					Generating RSA private key, 2048 bit long modulus
					............................................+++
					...........+++
					e is 65537 (0x10001)

			
	

Alternatively, use the following command to generate a private RSA key protected by a password. The key size (2048) must be the last argument, after all options:

			
					openssl genrsa -aes256 -passout pass:PASSWORD -out private.key 2048

			
	

When using a password-protected private key, the password must be provided through the environment variable MINIO_CERT_PASSWD using the following command.

			
					export MINIO_CERT_PASSWD=<PASSWORD>

			
	
  • The default OpenSSL format for private encrypted keys is PKCS-8, but MinIO only supports PKCS-1.
  • An RSA key that has been formatted with PKCS-8 can be converted to PKCS-1 using the following command.
			
					openssl rsa -in private-pkcs8-key.key -aes256 -passout pass:PASSWORD -out private.key

			
	

OpenSSL Generate Self Signed Certificate

If we want our certificate signed, we need a certificate signing request (CSR). The following command creates one from an existing private key:

			
					openssl req -key domain.key -new -out domain.csr

			
	

We can also skip the separate CSR step: with the -x509 option, a single command creates the self-signed certificate directly from the private key.

			
					openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=<domain.com>"

			
	

Note: Replace <domain.com> with the development domain name.

  • Alternatively, use the command below to generate a self-signed wildcard certificate that is valid for all subdomains under <domain.com>.
  • Wildcard certificates are useful for deploying distributed MinIO instances, where each instance runs on a subdomain under a single parent domain.
			
					openssl req -new -x509 -days 3650 -key private.key -out public.crt -subj "/C=US/ST=state/L=location/O=organization/CN=<*.domain.com>"
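
The commands above put the host name only in the subject CN, while current browsers and Go's TLS library match host names against the subjectAltName extension and ignore CN. The script below is an added example, not part of the original page or of MinIO: it repeats the page's key and certificate commands, adds a subjectAltName with -addext (assumes OpenSSL 1.1.1 or newer), and checks the result. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Requires OpenSSL 1.1.1+ (-addext).
# Function names are hypothetical; DIR and DOMAIN are supplied by the caller.

# new_key DIR: the page's ECDSA key command, with the file created owner-only.
new_key() {
    ( umask 077
      openssl ecparam -genkey -name prime256v1 2>/dev/null |
          openssl ec -out "$1/private.key" 2>/dev/null )
}

# cert_cn_only DIR DOMAIN: the page's command; host name only in the subject CN.
cert_cn_only() {
    openssl req -new -x509 -days 3650 -key "$1/private.key" -out "$1/cn-only.crt" \
        -subj "/C=US/ST=state/L=location/O=organization/CN=$2"
}

# cert_with_san DIR DOMAIN: same command plus a subjectAltName that covers
# the domain itself and its direct subdomains.
cert_with_san() {
    openssl req -new -x509 -days 3650 -key "$1/private.key" -out "$1/public.crt" \
        -subj "/C=US/ST=state/L=location/O=organization/CN=$2" \
        -addext "subjectAltName=DNS:$2,DNS:*.$2"
}

# san_names CERT: print each DNS subjectAltName entry on its own line.
# Prints nothing when the certificate has no such extension.
san_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# cert_matches_key CERT KEY: succeed only if both hold the same public key.
cert_matches_key() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$from_cert" = "$from_key" ]
}
```

Run new_key and cert_with_san against the same directory, then use san_names and cert_matches_key to confirm the pair before installing private.key and public.crt.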