Generating a self-signed cert with openssl that works in Chrome 58

To create a self-signed certificate that works with Chrome 58 using OpenSSL, you can follow these steps:

1. Generate a private key:

   Use the following command to generate a private key. This example uses a 2048-bit RSA key:

    

   Copied!

   openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
   
   

2. Create a Certificate Signing Request (CSR):

   Generate a CSR using the private key created in the previous step:

    

   Copied!

   openssl req -new -key key.pem -out csr.pem
   
   

   During the process, you'll be prompted to enter information like country, state, organization, etc. For a self-signed certificate, you can use dummy data.

3. Generate a Self-Signed Certificate:

   Create a self-signed certificate using the CSR:

    

   Copied!

   openssl x509 -req -in csr.pem -signkey key.pem -out cert.pem -days 365
   
   

   Adjust the -days parameter to set the validity period of the certificate. The example uses 365 days.

4. Combine the Certificate and Key:

   Create a combined file containing the certificate and the private key:

    

   Copied!

   cat key.pem cert.pem > ssl_certificate.pem
   
   

This creates a self-signed certificate that should be compatible with Chrome 58. However, note that self-signed certificates are inherently less secure than those signed by a trusted Certificate Authority (CA) and might prompt security warnings in browsers.

To use the generated certificate in a web server, replace the SSL configuration with the generated ssl_certificate.pem file.

Remember, if you're dealing with a production environment or public-facing website, it's highly recommended to use a certificate signed by a trusted CA to avoid security warnings and ensure a secure connection for your users.

Got an article suggestion? Let us know

Explore more

SSL

Solved: curl: (35) ssl connect error

The main course of this problem is the outdated `curl` package on your system.

Questions

Solved: Error 526 Invalid SSL Certificate

Error 526 indicates Cloudflare is unable to successfully validate the SSL certificate on the origin web server and the SSL setting in the Cloudflare SSL/TLS app is set to Full SSL (Strict) for the website.

Questions

Solved: SSL_Error_rx_record_too_long

The usual cause is that the implementation of SSL on your server is not correct. The error is usually caused by a server-side problem which the server administrator will need to investigate.

Questions

Solved: ERR_SSL_VERSION_OR_CIPHER_MISMATCH

When you are accessing the HTTPS secured website a series of steps is taken in the background to ensure that the connection is safe and trusted. Some of these steps consist of checking certificates. If the browser does not believe that the connection would be secure it displays this error.

Questions

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.