These are the ready commands to create self-signed SSL certificate. These certificates can be used for testing purposes. For a production-grade application, you need to contact a CA authority to get the actual SSL certificate. But for your internal testing, you can always use a self-signed SSL certificate.
Here are the steps to create a Self Signed SSL certificate using OpenSSL
# generate self sigend ssl certificate
rm -rf *.pem
echo "Generating CA certificates"
# Step 1: generate CAs certificate
openssl req -x509 -newkey rsa:4096 -days 365 -keyout ca-key.pem -out ca-cert.pem -subj "/C=IN/ST=kartnataka/L=bangalore/O=test/OU=test/CN=*.test.com/emailAddress=test@test"
#inspect the CAs certificate
#openssl x509 -in ca-cert.pem -noout -text
# Step 2 generate server sign request certificate which will be used for self signing. Change the subject to as per web server
echo "Generating Server certificate sign request"
openssl req -newkey rsa:4096 -keyout server-key.pem -out server-req.pem -subj "/C=IN/ST=kartnataka/L=bangalore/O=sever/OU=server/CN=*.server.com/emailAddress=server@test"
#openssl x509 -in server-req.pem -noout -text
# Step 3 Sign certificate
echo "Signing the server certificate with CA"
openssl x509 -req -in server-req.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-signed-cert.pem
# Inspect the signed certificate
#openssl x509 -in server-signed-cert.pem -noout -text
