Importance of HTTPS

In the world of which hackers are everywhere, our messages and passwords may be easily stolen if they are not encrypted in a network connection. HTTPS provides 2 very important functionalities:

• Encrypted connection
• Trusted URL and website binding

Self-signed Certificates

HTTPS requires a valid certificate to work. While there are many HTTPS services out there like Let’s Encrypt, sometimes we need to sign the certificates on our own. Common scenarios are when the server doesn’t have a public domain name or the server is inside a private network.

Difference between CA-issued Certificates and Self-signed Certificates

Client browsers has a list of trusted certificate authority certificates. If a CA certificate is on the list, other certificates issued by them will also be trusted. Since self-signed certificates are not on the list, clients will see a warning that the certificate of the website is not trusted.

Although the self-signed certificate is not trusted, the connection is still encrypted while using HTTPS.

Trusting the Self-signed Certificate

Importing the certificate into the client’s system can solve the problem.

Generate self-signed Certificates

openssl req -x509 -nodes -days 7300 -newkey rsa:4096 -keyout /etc/ssl/private/selfsigned.key -subj "/C=${C}/ST=${ST}/L=${L}/O=${O}/OU=${OU}/CN=${CN}" -addext "subjectAltName = ${SAN}" -out /etc/ssl/certs/selfsigned.crt

Note that if you are creating a certificate signing request(CSR) the optional fields are usually required.

Web Server Configuration

For web server configurations I recommend checking out https://github.com/RaymiiOrg/cipherli.st.