Self-signed TLS Certificate in Linux
Sun 21 August 2016 by Thejaswi Puthraya
Today, I had the necessity to embed an iframe on an HTTPS web page, and most browsers now won't allow you to embed an HTTP resource on an HTTPS page, raising the mixed content warning. Since the code was quite experimental, I didn't want to deploy it out of localhost. So I set up a self-signed TLS certificate for localhost that was accepted by the Google Chrome browser.
First, we need to create a key that will be used to sign our certificate. You will be prompted for a password, which you can enter for now:
openssl genrsa -camellia256 -out server.key 2048
Let's remove the passphrase from the key now:
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key
Next, we need to create a certificate signing request (CSR) with the above created key. Enter the information you are prompted for:
openssl req -new -key server.key -out server.csr
Create a certificate with validity of 365 days for the above CSR:
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
You can use the above server.key and server.crt in any web server or application of your choice.
Create a single file with the certificate and private key to be added into the store:
cat server.key server.crt > localhost.pem
Finally, add this certificate into our trusted store so that Chrome doesn't complain:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "localhost" -i localhost.pem
Your browser shouldn't complain any more with your self-signed certificate successfully added into the store.
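An added example, not part of the original post: a non-interactive run of the key, CSR and certificate steps above, followed by the checks worth making before the pair goes into a web server or the NSS store (the certificate carries the key's public half, subject equals issuer, it has not expired, and the passphrase-free key is readable only by its owner). The function names, the /CN=localhost subject and the san.ext file with its subjectAltName entries are assumptions that go beyond the post; the SAN is there for browsers that match on subjectAltName rather than the Common Name.

```bash
#!/usr/bin/env bash
# Added example; function names, subject and san.ext are assumptions.

# Create server.key, server.csr and server.crt in directory $1.
make_localhost_cert() (
    umask 077    # the key has no passphrase: keep it owner-only on disk
    cd "$1" || exit 1
    # No cipher option, so there is no passphrase to strip afterwards.
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    openssl req -new -key server.key -subj "/CN=localhost" \
        -out server.csr || exit 1
    # Assumption beyond the post: name localhost in subjectAltName too.
    printf 'subjectAltName=DNS:localhost,IP:127.0.0.1\n' > san.ext
    openssl x509 -req -sha256 -days 365 -in server.csr \
        -signkey server.key -extfile san.ext -out server.crt 2>/dev/null
)

# Return 0 only if the pair in directory $1 is consistent and safe to load.
check_localhost_cert() (
    crt="$1/server.crt"; key="$1/server.key"
    # 1. The certificate must contain the public half of the private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || exit 1
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || exit 1
    [ "$key_pub" = "$crt_pub" ] || { echo "key/cert mismatch" >&2; exit 1; }
    # 2. Self-signed: subject and issuer are the same name.
    subject=$(openssl x509 -in "$crt" -noout -subject)
    issuer=$(openssl x509 -in "$crt" -noout -issuer)
    [ "${subject#*=}" = "${issuer#*=}" ] || { echo "not self-signed" >&2; exit 1; }
    # 3. Still inside its validity window.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || exit 1
    # 4. Carries the localhost SAN.
    openssl x509 -in "$crt" -noout -text | grep -q 'DNS:localhost' || exit 1
    # 5. Key file is not readable by group or others.
    [ "$(stat -c %a "$key")" = 600 ] || { echo "key too permissive" >&2; exit 1; }
)

d=$(mktemp -d) && make_localhost_cert "$d" && check_localhost_cert "$d" \
    && echo "ok: $d/server.crt"
```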