Introduction

Users can choose between CA-signed certificates and self-signed certificates:

  • CA-signed certificates are issued by a known Certificate Authority (CA).
  • Self-signed certificates are created by the user and are not related to a CA.

There is no difference concerning the type of X.509 certificates, the usage for Server Authentication / Client Authentication, or the encryption of connections.

This article explains how to create self-signed certificates with OpenSSL. This utility ships with Linux and most Unix environments and is available for Windows environments. The examples below focus on Unix.

Create Root CA Certificate

The first step is to create a private key (root-ca.key) and a self-signed certificate (root-ca.crt) for the Root CA, both in PEM format. This step is performed just once.

...

Create Server Certificate

For a given server, the second step is to create a private key and a certificate request (CSR). The resulting server certificate will be signed.

...

In order to run the script successfully, the following openssl-cert.config file has to be present. To create a server certificate, the CommonName attribute has to be adjusted. The attribute holds

Replace the value of the commonName attribute with the hostname of the server for which the certificate should be created:

...
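
The two steps described above, written out as shell functions with a check that the server certificate chains to the Root CA and matches the hostname. This is an added example, not the script or the openssl-cert.config from the original page. Only root-ca.key and root-ca.crt are the page's names; the other file names, subject values, key sizes, validity periods and extension sections are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Names other than root-ca.key / root-ca.crt are assumptions.
set -eu

# Step 1 (performed once): Root CA private key and self-signed certificate (PEM).
make_root_ca() {
  cat > example-root-ca.cnf <<'EOF'
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Example Root CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
EOF
  ( umask 077; openssl genrsa -out root-ca.key 3072 )   # key readable by owner only
  openssl req -x509 -new -config example-root-ca.cnf -key root-ca.key \
    -sha256 -days 3650 -out root-ca.crt
}

# Step 2 (per server): private key, CSR, and certificate signed by the Root CA.
# $1 is the server hostname; it is used as commonName and as DNS subjectAltName.
make_server_cert() {
  host=$1
  cat > "$host.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
[ dn ]
commonName = $host
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:$host
EOF
  ( umask 077; openssl genrsa -out "$host.key" 2048 )
  openssl req -new -config "$host.cnf" -key "$host.key" -out "$host.csr"
  openssl x509 -req -in "$host.csr" -CA root-ca.crt -CAkey root-ca.key \
    -CAcreateserial -sha256 -days 365 \
    -extfile "$host.cnf" -extensions v3_server -out "$host.crt"
}

# Succeeds only if $1.crt chains to root-ca.crt and is valid for hostname $1.
verify_server_cert() {
  openssl verify -CAfile root-ca.crt -verify_hostname "$1" "$1.crt" >/dev/null
}
```

Clients must import root-ca.crt into their trust store for verification to succeed; root-ca.key never leaves the machine that signs certificates.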