SSL certificates are critical when deploying applications or websites. We are familiar with the protocol HTTP. HTTP is the Hypertext Transfer Protocol, which is used to load webpages. It is the protocol (set of rules) that controls the communication between your browser and the server serving the website. It is an application-layer protocol.
Today, everything depends on the internet. Applications are deployed as web apps, which are deployed on servers and accessed using browsers. The popularity of the internet has caused cyber threats and hacking to become more common.
HTTP as a protocol has certain limitations. One of them is that the communication between client and server is unencrypted, which means that when the client (browser) sends data to the server, this data is passed as plain text through the network. The threat here is that if a hacker gains access to the network, they can read the content of the packets that are transferred. This is a critical flaw if the data passed is confidential, like a username and password or credit card information. Such data, if it reaches unauthorized hands, can cause serious problems.
HTTPS is the advanced version of HTTP. It uses encryption to encrypt the data before the browser sends it to the server, so an attacker cannot read the content of the data even if they get access to it. It is always recommended to use HTTPS websites for online transactions, banking or logging in to websites.
HTTPS uses SSL to encrypt the traffic. SSL (Secure Sockets Layer) is an internet-based encryption protocol. We can generate an SSL certificate and then use the HTTPS protocol to encrypt the traffic, thereby safeguarding the data that is sent and received between client and server. SSL certificates are installed at the server end.
By default, HTTP uses port 80 for communication and HTTPS uses port 443.
In this session we are going to create an SSL certificate
SSL certificates can be signed in 2 ways
CA signed Certificates
Self Signed Certificates
CA signed Certificates
These SSL certificates are signed by well-trusted organizations (certificate authorities, or CAs). They are trusted by most browsers. You might have noticed this when visiting websites that show a small closed lock symbol in the address bar. If you click there, you can see the verifier and issuer of that certificate. To get this certificate, the server owner or admins have to pay an amount to the CA, which then provides the certificate. SSL certificates generally have a validity of 1 year, after which they should be renewed. CA signed certificates are appropriate for applications used in organizations or companies. Generally, search engines give more priority to websites with this kind of SSL certificate. Users generally feel safer and more secure browsing a website that has a trusted SSL certificate, thereby increasing the traffic to the website.
Self Signed Certificates
A self signed SSL certificate is created and authorized by an individual. They can set the validity period and provide their own details while creating the certificate. It uses asymmetric encryption with a private and public key combination. As these are created by individuals, they have less value compared to CA signed ones. But one key point is that self signed certificates are also secure and encrypted. The only downside is that most browsers will not trust the certificate and may show a warning message to the user.
We are going to create a self signed SSL certificate
Requirements
Windows/Linux OS
OpenSSL software: OpenSSL is free software that allows us to create SSL certificates.
Basic understanding of terminal
We are using Linux OS for creating the certificate. Certificate creation is actually simple and straightforward.
Steps
Open terminal and type the following command
openssl req -newkey rsa:4096 \
-x509 \
-sha256 \
-days 3650 \
-nodes \
-out myssl.crt \
-keyout myssl.key
Let's discuss what these options are:
-newkey rsa:4096 : Creates a new certificate request and a 4096-bit RSA key.
-x509 : Creates an X.509 certificate.
-days 3650: The number of days to certify the certificate for. 3650 is ten years.
-nodes: Creates a key without a passphrase.
-out myssl.crt: Specifies the filename to write the newly created certificate to. You can specify any file name.
-keyout myssl.key: Specifies the filename to write the newly created private key to. You can specify any file name.
If it shows output similar to that below, the SSL certificate is being created:
Generating a RSA private key
......................................................................++++
........++++
writing new private key to 'myssl.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Now provide the required details to complete the SSL creation
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Kerala
Locality Name (eg, city) []:Kottayam
Organization Name (eg, company) [Internet Widgits Pty Ltd]:aswinks.in
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:aswinks.in
Email Address []:aswinks.in
Note: You can give the details as per your wish.
After this step is completed, an SSL certificate and private key will be generated and placed at the location we specified, i.e., in this instance, the current working directory.
ls
Output
myssl.crt myssl.key
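The two files can be checked before they are installed on a web server. The following is an added example, not part of the original article: a non-interactive form of the same command (-subj replaces the prompts) plus checks that the key and certificate belong together, that the certificate is self-signed, and that the key, which -nodes leaves unencrypted, is readable only by its owner. The function names are hypothetical; myssl.crt and myssl.key are the article's file names.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# Non-interactive form of the article's command: -subj supplies the DN answers.
# $1 = output directory, $2 = common name, $3 = RSA bits (default 4096 as in the article)
make_selfsigned() {
    openssl req -newkey "rsa:${3:-4096}" -x509 -sha256 -days 3650 -nodes \
        -subj "/C=IN/ST=Kerala/L=Kottayam/O=$2/OU=IT/CN=$2" \
        -out "$1/myssl.crt" -keyout "$1/myssl.key" 2>/dev/null || return 1
    # -nodes leaves the key unencrypted on disk, so restrict it to the owner.
    chmod 600 "$1/myssl.key"
}

# SHA-256 of the DER-encoded public key inside the certificate.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 of the DER-encoded public key derived from the private key.
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if the certificate ($1) and private key ($2) belong together.
pair_matches() {
    [ -n "$(cert_pubkey_hash "$1")" ] &&
        [ "$(cert_pubkey_hash "$1")" = "$(key_pubkey_hash "$2")" ]
}

# Succeeds if issuer equals subject, i.e. the certificate is self-signed.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Succeeds if group and others have no permissions on the key file.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the certificate ($1) is still valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}
```

A mismatch reported by pair_matches means the web server would refuse to start with that certificate and key pair, so it is worth running before a deployment.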
In this session we created a self signed SSL certificate. We can use this certificate on any web server like HTTPD, Apache, or Nginx and use the server with the HTTPS protocol. Self signed SSL certificates are only recommended for small organizations or individual use. For enterprise-level applications, only use CA signed SSL certificates.
About the Author
Aswin ks