Coding Geekery Linux

Generate a Self-Signed SSL Certificate in 2 Easy Steps

SSL is a secure protocol that establishes an encrypted communication channel between web servers and browsers. Its primary purpose is to prevent sensitive information from being exposed to or stolen by identity thieves or hackers. These can cost a pretty penny to have made signed for you by an SSL company. You don’t want to spend money doing this on your little test website, but you don’t want that website to be compromised either. Whatever can you do?

Is it possible to generate your own domain’s SSL certificate? You can! And it’s quite easy to do as well. In today’s post, I’ll show you how.

But let me first put it out there: It’s a VERY BAD IDEA if you intend to make your domain publicly available. Google doesn’t like self-signed certificates, neither do a few virus scanners and they’ll warn visitors to your site not to trust your certificate (judging you before they even know you). It can also affect your SEO ranking, or how easily someone on the public internet can see your website if they do a search for it. So if your website is going to be a public website that you want to become popular, do it the way Google wants you to do it. And what they want is for you to get a reputable company to sign the SSL certificate for you (also make sure said certificate covers your subdomains, this article has more information on what subdomains are as well as info on other points discussed above

Ahh, the air’s more breathable now that the elephant’s out of the room! You’re still here? Good. Let’s proceed!

Let’s say you do need a self-signed SSL certificate for one of your domains and its subdomains, and you don’t feel like typing more than two commands. You’re in luck! First and foremost, find a cosy (and preferably organized) place for your certificates to live. I personally like to stick them in /data/ssl/certs/[domain]/[subdomain]/, but to each their own.

Command #1:
openssl req -new -nodes -keyout domain.key -out domain.csr
This command generates both a domain server key and a certficate signing request, which you’ll need to generate your crt file in command #2.
It will ask you a bunch of questions. The important one is the “Common Name”, as it is the one that needs to match your domain.
For example, I setup a certificate for, so I set the common name to “” hmmkay?

Command #2:
openssl x509 -req -days 365 -in domain.csr -signkey domain.key -out domain.crt
There you have it, your domain certificate will be valid for a year!

As a bonus, here’s how I setup nginx to redirect all https traffic to http, using my shiny new self-signed SSL cert:

In nginx.conf

server {
listen *:443;
ssl on;
rewrite ^(.*)$1 permanent;

ssl_certificate /data/ssl/certs/quotir/www/quotir.crt;
ssl_certificate_key /data/ssl/certs/quotir/www/quotir.key;

And that’s about it. Having a self-signed SSL is a great way to test out your own websites or to secure websites you have no intention of letting loose on the wild web. Happy Sysadmining friends and don’t be shy, say hello!


Ubuntu 13.04 Final Beta is out!

I had the chance to upgrade from Ubuntu 12.10 to 13.04 Final Beta last night on my netbook. As is customary now, every six months this public transit-friendly computer goes through a mandated OS upgrade… and what a treat!

The Unity┬áDesktop & Netbook environment is maturing and it shows! It’s much faster, more responsive, and allows me to fully enjoy my morning treat: Programming some Rails while riding Caltrain (Is there a pun? Didn’t think so either).

So, how does one upgrade to a pre-release version of Ubuntu? Easy!

Open the Terminal and type the following command:
sudo do-release-upgrade -d

There is a GUI-based way to do it as well, but who would want to do that anyway!?

Blog Linux

How Ubuntu Beat Apple at Its Own Game

Cmd + Space to Open

Remember Spotlight?

Well, it seems like Mark Shuttleworth and his team at Canonical took a shot at it and hit the Apple straight in the seeds!

For those of us less familiar with OS X, Spotlight enables you to quickly access files or applications. Just start typing a keyword and your app or file’s name will show up as an option that you can select to access, much like Google’s Instant Search or the Windows Start Menu Search.

… And then there is HUD.

In Ubuntu 12.04 (Precise Pangolin), HUD takes the Spotlight premise and extends it to your current context.

You’re in a browser? Type a URL in HUD and there goes your browser making good on fetching your website! Search help, history, option menus. It’s ALL in HUD!

In an Image Editor? Same principle. Apply filters, resize, add layers, change colors all from the HUD. HUD is like the best friend you’ve never had, always listening and ready to help, no matter what the context!

As the great Ed DJ once said:
Powered by Wordpress Plugins - Get the full version!

Now, Ubuntu users can swear by the HUD! More about it in this video: