Browsers to accept a self-signed certificate

@Annie201

Posted in: #Https #Openssl #Security #SecurityCertificate

I have created a self-signed certificate like this:

#!/bin/bash

EXPIRE=3650

if [ $# -gt 1 ]; then
    EXPIRE=
fi

mkdir -p
cd

openssl genrsa 2048 > .key
openssl req -new -x509 -nodes -sha1 -days $EXPIRE -key .key > .cert
openssl x509 -noout -fingerprint -text < .cert > .info

cat .cert .key > .pem
chmod 400 .key .pem


And configured my apache vhost to use this cert.

Now I wonder which file I have to import into a client's storage (Chrome or Firefox) to tell the browser everything is OK!


@Rambettina238

New answer following your comment and reading again your post:

I see that you first created a private key, which you used to generate a self-signed certificate. You used the keyword -new, which means that during this generation process there is also a CSR which is created.

You asked about which files to store where. In reality you need to set:


Server: The private key, the certificate and the CSR file on your server. So in your case, the file 1.pem contains already the private key and the certificate.
Client: Install (only) the certificate on your browser.




Old answer (kept for further useful information):

Unfortunately, you are on the wrong path and it is useless to continue, because any person visiting your website will notice that his client (browser) is warning him/her that the Certificate Authority (CA) who issued the certificate is not trusted.

I mean your certificate is self-signed and thus maybe you trust it, but it rather needs to be trusted by a central authority.

Do not rely on users to accept and load your self-signed certificate, which will rather be an obstacle to attracting an audience for your website.

Most hosting providers such as AWS and OVH offer to install, on their behalf, a free but effective SSL certificate called Let's Encrypt which is renewable every 3 months (for security and other reasons). If your hosting provider does not offer you this option (check the list of hosting providers that offer it), then you can install yourself a Let's Encrypt SSL certificate with or without a shell access to your server.

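The server/client split from the new answer, as an added example that is not code from either post: it generates the key, the certificate and the combined .pem, then checks which of the three files contains no private key and is therefore the one to import into a browser. It assumes OpenSSL 1.1.1 or newer and uses SHA-256 and a subjectAltName where the question's script uses -sha1; the host name example.test and the function names are made up for illustration.

```bash
#!/bin/bash
# Added example, not the poster's script. Host name and file names are assumptions.

# Create <dir>/<host>.key, .cert and .pem (cert + key) for a self-signed certificate.
make_selfsigned() {
    local host=$1 dir=$2 days=${3:-3650}
    mkdir -p "$dir" || return 1
    (
        umask 077   # files are created unreadable to other users
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.cert" 2>/dev/null || exit 1
        cat "$dir/$host.cert" "$dir/$host.key" > "$dir/$host.pem"
    )
}

# True only for a file that holds a certificate and no private key,
# i.e. the only kind of file that should ever reach a client.
safe_for_client() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        ! grep -q 'PRIVATE KEY-----' "$1"
}

# SHA-256 over the DER public key, taken from a certificate or from a private key.
# Equal hashes mean the certificate belongs to that key.
cert_pubkey_hash() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}
key_pubkey_hash() {
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Demo with a constructed host name in a throwaway directory.
demo_dir=$(mktemp -d)
make_selfsigned example.test "$demo_dir" || exit 1
for f in "$demo_dir"/example.test.*; do
    if safe_for_client "$f"; then
        echo "import into the browser: ${f##*/}"
    else
        echo "keep on the server only: ${f##*/}"
    fi
done
```

Only the .cert file passes the check; the .key and the combined .pem both carry the private key and stay on the server.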