github.com/technosophos/deis@v1.7.1-0.20150915173815-f9005256004b/docs/reference/self-signed-certs.rst

github.com/technosophos/deis@v1.7.1-0.20150915173815-f9005256004b/docs/reference/self-signed-certs.rst (about)

     1  :title: Creating a Self-Signed SSL Certificate
     2  :description: How to generate a self-signed certificate for securing your application's endpoints
     3  
     4  .. _creating_self_signed_ssl:
     5  
     6  Creating a Self-Signed SSL Certificate
     7  ======================================
     8  
     9  When :ref:`using the app ssl <app_ssl>` feature for non-production applications or when
    10  :ref:`installing SSL for the platform <platform_ssl>`, you can avoid the costs associated with the SSL
    11  certificate by using a self-signed SSL certificate. Though the certificate implements full
    12  encryption, visitors to your site will see a browser warning indicating that the certificate should
    13  not be trusted.
    14  
    15  
    16  Prerequisites
    17  -------------
    18  
    19  The openssl library is required to generate your own certificate. Run the following command in your
    20  local environment to see if you already have openssl installed.
    21  
    22  .. code-block:: console
    23  
    24      $ which openssl
    25      /usr/bin/openssl
    26  
    27  If the which command does not return a path then you will need to install openssl yourself:
    28  
    29  +----------------+---------------------------------+
    30  | If you have... | Install with...                 |
    31  +================+=================================+
    32  | Mac OS X       | Homebrew: brew install openssl  |
    33  +----------------+---------------------------------+
    34  | Windows        | complete package .exe installed |
    35  +----------------+---------------------------------+
    36  | Ubuntu Linux   | apt-get install openssl         |
    37  +----------------+---------------------------------+
    38  
    39  
    40  Generate Private Key and Certificate Signing Request
    41  ----------------------------------------------------
    42  
    43  A private key and certificate signing request are required to create an SSL certificate. These can
    44  be generated with a few simple commands. When the openssl req command asks for a “challenge
    45  password”, just press return, leaving the password empty.
    46  
    47  .. code-block:: console
    48  
    49      $ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
    50      ...
    51      $ openssl rsa -passin pass:x -in server.pass.key -out server.key
    52      writing RSA key
    53      $ rm server.pass.key
    54      $ openssl req -new -key server.key -out server.csr
    55      ...
    56      Country Name (2 letter code) [AU]:US
    57      State or Province Name (full name) [Some-State]:California
    58      ...
    59      A challenge password []:
    60      ...
    61  
    62  
    63  Generate SSL Certificate
    64  ------------------------
    65  
    66  The self-signed SSL certificate is generated from the server.key private key and server.csr files.
    67  
    68  .. code-block:: console
    69  
    70      $ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    71  
    72  The server.crt file is your site certificate suitable for use with
    73  :ref:`Deis's SSL endpoint <app_ssl>` along with the server.key private key.