Creating a Self-Signed Certificate

OldStrummer · 15 May 2025 01:42

I'm almost embarrassed to admit it, but I don't know how to create a self-signed certificate under Linux. I've done this on Windows, but that was ages ago. Actually, let me reword this: I've created a self-signed certificate with the openssl tool, which gave me both a .crt and a .key file but I don't know how to install it.

Yeah, I know browsers don't respect self-signed certificates, but I simply want to use it so that Webmin doesn't bark at me when I connect to it (it tries https by default, and I need to talk nicely to it to use http). I can tell my browser to accept the self-signed certificate and remember that choice, so it's just a means to save a click or two.

So, I imagine the question I have is how to configure Webmin to accept the certificate? I tried once and got locked out. I had to manually edit the /etc/webmin/minisrv.conf file to back out my work. Anyone done this before?

ugnvs · 15 May 2025 08:44

Hopefully, these links can help.

OldStrummer · 15 May 2025 10:07

Thanks! I've gotten myself wrapped up in setting my Ubuntu MATE server up as a local CA. Overkill, I know.

ugnvs · 15 May 2025 10:10

Have a look at easy-rsa. I've used it and liked it.

OldStrummer · 15 May 2025 10:14

I learned about mkcert, which is, "A simple zero-config tool to make locally trusted development certificates with any names you'd like." Available on github.

ugnvs · 15 May 2025 10:18

I see. Easy-rsa is set of CLI wrapper scripts around openssl with minimal overhead. Just several dialogues allow to deploy and use several independent CA's in different dirs. Available in legacy repos.