How to create a self-signed TLS Certificate
Transport Layer Security, or TLS for short, is a common security protocol designed to increase privacy and data security for communications over the Internet. TLS uses a digital certificate to validate the public encryption key provided by a device on the Internet with its private counterpart.
A self-signed certificate can be issued easily on any computer using the
Run the following command to generate a private key file and a CSR file:
openssl req -new -newkey rsa:4096 -nodes -keyout private_key.txt -out csr.txt -subj "/C=FR/ST=Ile-de-France/L=Paris/O=MyInternetCompanyLTD/CN=www.example.com"
The following subcommands are used with the
req: This subcommand selects X.509 certificate signing request (CSR) management.
newkey rsa:4096: This option specifies the creation of a new key and certificate at the same time, using a 4096-bit RSA key.
nodes: This option tells OpenSSL to skip securing the private key with a passphrase.
keyout: This option defines the location and file name of the private key file.
out: This option specifies the path and file name of the generated certificate request.
subj: The subject for the certificate. Modify the values of this option to suit your requirements. The Common Name (CN) represents the domain name you are issuing the certificate for.
Generate a file containing all Subject Alternative Names (SAN) for the certificate. They include websites, IP addresses, common names, etc. They are protected by a single SSL Certificate.
Create a new file called alt_names.txt, open it in a text editor and edit the file as follows. Make sure to add all domain names and IP addresses that should be protected by the certificate.
Save the file and exit the text editor.
Generate the self-signed certificate using the
openssl x509 -req -extfile alt_names.txt -sha256 -days 365 -in csr.txt -signkey private_key.txt -out certificate.txt
Check that you have the following files in your folder with the
csr.txt: The certificate request
private_key.txt: The private key for the certificate
certificate.txt: The public key for the certificate
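The steps above as one script, followed by two checks worth running before the files are imported anywhere: that the SAN entries actually made it into the certificate, and that the private key matches it. This is an added example, not part of the original documentation; the alt_names.txt contents, the KEY_BITS variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Scaleway's code. Host names and the IP address are constructed.
KEY_BITS="${KEY_BITS:-4096}"   # same key size as the page's command

# Run the page's two openssl commands in directory $1 with a sample alt_names.txt.
generate_self_signed() {
  (
    cd "$1" || exit 1
    umask 077   # -nodes writes private_key.txt unencrypted: keep it owner-only
    # Assumed file layout: extensions in the default section of the -extfile.
    echo 'subjectAltName = DNS:www.example.com, DNS:example.com, IP:192.0.2.10' > alt_names.txt
    openssl req -new -newkey "rsa:$KEY_BITS" -nodes -keyout private_key.txt -out csr.txt \
      -subj "/C=FR/ST=Ile-de-France/L=Paris/O=MyInternetCompanyLTD/CN=www.example.com" &&
    openssl x509 -req -extfile alt_names.txt -sha256 -days 365 -in csr.txt \
      -signkey private_key.txt -out certificate.txt
  )
}

# Print the SAN entries stored in certificate $1 (empty output: none were added).
san_list() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Succeed only if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Pre-import check for key file $1 and certificate $2.
check_before_import() {
  [ -n "$(san_list "$2")" ] || { echo "no subjectAltName in $2" >&2; return 1; }
  key_matches_cert "$1" "$2" || { echo "$1 does not match $2" >&2; return 1; }
  echo "OK: $(san_list "$2")"
}
```

Source the file, then run `generate_self_signed .` followed by `check_before_import private_key.txt certificate.txt`.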
Scaleway Load Balancers offer the possibility to use either an auto-generated Let’s Encrypt TLS certificate, your self-generated certificate, or a TLS certificate issued by any other certificate authority.
In this example, we use the previously generated certificate and configure the Load Balancer with it. This procedure also works if you bought a certificate from a certificate authority and got the private and public key with it.
Click Load Balancers on the console side menu. The list of your Load Balancers displays.
Click the Load Balancer name you want to configure. The Load Balancer information displays.
Click the SSL Certificates tab.
Click Create a SSL certificate.
Retrieve the contents of the certificate.txt file and save it somewhere safe. You will need to paste this information in the Certificate text field.
Enter the required details for the SSL certificate, which include:
- SSL Certificate Name: The name of your choice to facilitate certificate management.
- SSL Certificate Type: The type for the SSL certificate, select Import certificate from the drop-down list.
- SSL Third Party Certificate: The full PEM-formatted certificate (from step 5).
Click Create SSL certificate to check and import your third party SSL certificate.
The new TLS certificate displays in the list of available certificates, and you can use it with your Load Balancer.