Wad of Stuff: Creating Stronger Self-Signed SSL Certificates For Testing

Friday, 9 March 2012

Creating Stronger Self-Signed SSL Certificates For Testing

I prefer to use Google Chrome (developer channel) as my web browser and recently it began complaining about the self-signed SSL certificates I was using on a number of internal web applications I have developed. The error Chrome displayed was:

The site's security certificate is signed using a weak signature algorithm!

[snip]

I originally created the certificates using the instructions in the Apache SSL FAQ. It turns out that this results in SSL certificates that use the weaker MD5 signature hash algorithm which is the cause of the complaint. This is easily fixed by adding '-sha1' to the openssl command line when generating the certificate. Like so:

$ openssl req -new -x509 -sha1 -nodes -out server.crt -keyout server.key

4 comments:

Unknown said...: Excellent! We really appreciate to your blog post which has extremely easy and quick process to create stronger self signed SSL certificate for testing. Thank you so much for sharing it!

Cheap SSL | RapidSSL; 23 March 2012 at 21:59
Sarah Whitehead said...: Great methodology of SSL interogation here. I suppose taking into consideration the guidelines, one would have to research the source before purchasing a wildcard ssl cert, thankyou for sharing!; 4 April 2012 at 22:22
riverart2000 said...: very very useful worked a treat - thank you very much sire; 13 March 2013 at 23:10
Unknown said...: Superb ! I am excited to learn about this process. I do read about it many times but this is the best tutorial.
digital certificates; 5 August 2013 at 21:34