A self-signed SSL (Secure Sockets Layer) certificate is a type of digital certificate that is signed by the same entity that created it, rather than a trusted certificate authority (CA). This means that the organization or individual creating the certificate is also the one verifying its authenticity.
Key characteristics:
- Not trusted by default: Self-signed certificates are not trusted by most browsers and devices, as they have not been verified by a trusted CA.
- Used for testing or internal purposes: Self-signed certificates are often used for testing, development, or internal purposes, such as securing internal communications or APIs.
- Free to create: Self-signed certificates can be created at no cost, using tools like OpenSSL.
- Security risks: Self-signed certificates can pose security risks if used in production environments, as they can be vulnerable to man-in-the-middle attacks.
Common use cases:
- Development and testing environments
- Internal communication and APIs
- Small-scale, low-risk applications
- Proof-of-concept or demo environments
Important note: Self-signed certificates should not be used in production environments or for publicly accessible websites, as they can compromise security and trust.
1) Install Go Tools
Download it from: https://go.dev/dl/
wget https://go.dev/dl/go1.23.1.linux-amd64.tar.gza) Remove any previous Go installation
Remove it by deleting the /usr/local/go folder (if it exists), then extract the archive you just downloaded into /usr/local, creating a fresh Go tree in /usr/local/go:
$ rm -rf /usr/local/go && tar -C /usr/local -xzf go1.23.1.linux-amd64.tar.gz(You may need to run the command as root or through sudo).
Do not untar the archive into an existing /usr/local/go tree. This is known to produce broken Go installations.
b) Add /usr/local/go/bin to the PATH environment variable.
You can do this by adding the following line to your $HOME/.profile or /etc/profile (for a system-wide installation):
export PATH=$PATH:/usr/local/go/binNote: Changes made to a profile file may not apply until the next time you log into your computer. To apply the changes immediately, just run the shell commands directly or execute them from the profile using a command such as source $HOME/.profile.
c) Verify the Go installation
Verify that you’ve installed Go by opening a command prompt and typing the following command:
$ go version Confirm that the command prints the installed version of Go.
2) Setup Minica
mkdir /opt/minica
cd /opt/minica
git clone https://github.com/jsha/minica.git
go build
## or
# go install3) Generate the self-signed certificate using the following command:
$ minica --domains 'example.com'This will generate the SSL certificate and the private key.
Configure the generated SSL certificate and the private key on Apache, NGINX, etc.
Useful links: