Generating a self-signed cert with openssl that works in Chrome 58

To create a self-signed certificate that works with Chrome 58 using OpenSSL, you can follow these steps:

Generate a private key:
Use the following command to generate a private key. This example uses a 2048-bit RSA key:
Copied!
```
openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
```
Create a Certificate Signing Request (CSR):
Generate a CSR using the private key created in the previous step:
Copied!
```
openssl req -new -key key.pem -out csr.pem
```
During the process, you'll be prompted to enter information like country, state, organization, etc. For a self-signed certificate, you can use dummy data.
Generate a Self-Signed Certificate:
Create a self-signed certificate using the CSR:
Copied!
```
openssl x509 -req -in csr.pem -signkey key.pem -out cert.pem -days 365
```
Adjust the -days parameter to set the validity period of the certificate. The example uses 365 days.
Combine the Certificate and Key:
Create a combined file containing the certificate and the private key:
Copied!
```
cat key.pem cert.pem > ssl_certificate.pem
```

This creates a self-signed certificate that should be compatible with Chrome 58. However, note that self-signed certificates are inherently less secure than those signed by a trusted Certificate Authority (CA) and might prompt security warnings in browsers.

To use the generated certificate in a web server, replace the SSL configuration with the generated ssl_certificate.pem file.

Remember, if you're dealing with a production environment or public-facing website, it's highly recommended to use a certificate signed by a trusted CA to avoid security warnings and ensure a secure connection for your users.

Got an article suggestion? Let us know

Explore more

SSL

Solved: curl: (35) ssl connect error

The main course of this problem is the outdated `curl` package on your system.