Self-signed certificate? Why not CA-signed certificate?
Very often we need certificates, mostly for using SSL/TLS in HTTP, FTP, etc. The fastest and cheapest way is the self-signed certificate. It is generated in just a few steps.
However, they don't have to be "self" signed. We can also generate a CA (certification authority) and use it to issue the certificates, i.e. they will be signed by our CA.
This gives us the possibility to trust all our certificates by just trusting the CA.
This post shows how to do it with openssl.
Some configuration first
It is much easier if you do some configuration for openssl, if not done so already. The configuration is placed in /etc/ssl/openssl.cnf:
Set the default algorithm to sha1:
Remove these default values:
If you are planning to create multiple certificates, you can also configure the common values as defaults to save some time later.
Generate the CA's key and certificate
Generate a key and "certification request"
Note that for "common name" above you must enter the FQDN if you will use the certificate for HTTPS.
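The whole flow described in this post, as an added example rather than the post's own commands: create the CA, create a server key and certification request, sign the request with the CA, and verify the result. The file names, the "Example Test CA" subject and www.example.test are constructed; the example signs with SHA-256 instead of the sha1 default mentioned above because current TLS clients reject SHA-1 certificate signatures, and it also puts the FQDN in subjectAltName, which those clients check instead of the common name.

```shell
# Added example: private CA -> server key + CSR -> CA-signed certificate.
# All names (Example Test CA, www.example.test, file names) are constructed.

# write_conf DIR FQDN: minimal config, independent of /etc/ssl/openssl.cnf.
write_conf() {
    cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
subjectAltName = DNS:$2
EOF
}

# make_ca DIR: CA key (unencrypted, -nodes) plus self-signed CA certificate.
make_ca() {
    openssl req -x509 -config "$1/ca.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -sha256 -days 3650 -subj "/O=Example Org/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# make_csr DIR FQDN: server key plus certification request; CN is the FQDN.
make_csr() {
    openssl req -new -config "$1/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Org/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
}

# sign_csr DIR: issue server.crt from the CSR, signed with the CA key.
sign_csr() {
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 \
        -extfile "$1/ca.cnf" -extensions v3_server -out "$1/server.crt" 2>/dev/null
}

# verify_cert CA_CERT CERT: succeeds only if CERT chains to CA_CERT.
verify_cert() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed run: issue one certificate and check it against the CA.
work=$(mktemp -d)
write_conf "$work" www.example.test && make_ca "$work" &&
    make_csr "$work" www.example.test && sign_csr "$work" &&
    verify_cert "$work/ca.crt" "$work/server.crt" && echo "server.crt chains to ca.crt"
rm -rf "$work"
```

Only ca.crt has to be distributed to clients as a trust anchor; ca.key stays on the machine that issues certificates.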