Self Signed Certificates

It is recommended to avoid using self-signed certificates in production. But we can't always adhere to what is recommended, and sometimes that's for a very good reason.

Generating Self-Signed Certificates

There are a plethora of ways! Here are a few that I like:

    cd "$(mktemp -d)" && pwd     # Create a temp directory and change into it
    # Generate a 2048-bit RSA key and a self-signed certificate; -nodes leaves the key unencrypted
    openssl req -newkey rsa:2048 -x509 -nodes -days 3560 -out gitlab.crt -keyout gitlab.key
    chmod o-r gitlab.key         # Remove read permission for "other" users

This is a slightly modified version of what's in the GitLab documentation. I did all this as I set up FusionAuth with GitLab, hence the filenames.
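
A non-interactive variant of the commands above, with the checks worth running on the result. This is an added example, not code from the original page or the GitLab documentation. It adds `-subj` and a `subjectAltName` (with a stock openssl.cnf the command above prompts for the subject and sets no SAN), uses the constructed placeholder hostname `gitlab.example.test`, and assumes OpenSSL 1.1.1 or later for `-addext`.

```shell
#!/bin/sh
# Added example, not from the original page. The hostname is a constructed placeholder.

# gen_selfsigned DIR HOST: the page's openssl command made non-interactive (-subj)
# and given a subjectAltName, which current TLS clients match instead of the CN.
gen_selfsigned() {
    (
        umask 077    # files are created owner-only, so the key is never briefly readable
        openssl req -newkey rsa:2048 -x509 -nodes -days 3560 \
            -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
            -out "$1/gitlab.crt" -keyout "$1/gitlab.key" 2>/dev/null
    )
}

# key_matches_cert CRT KEY: the public key in the cert must equal the key's own.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# is_self_signed CRT: the cert verifies with itself as the only trust anchor.
is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# covers_host CRT HOST: -checkhost reports its result as text, so match on that
# rather than on the exit status.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# key_not_world_readable KEY: what the page's `chmod o-r` is meant to guarantee.
key_not_world_readable() {
    [ -f "$1" ] && [ -z "$(find "$1" -prune -perm -004)" ]
}

dir=$(mktemp -d) && host=gitlab.example.test
gen_selfsigned "$dir" "$host" &&
    for check in "key_matches_cert $dir/gitlab.crt $dir/gitlab.key" \
                 "is_self_signed $dir/gitlab.crt" \
                 "covers_host $dir/gitlab.crt $host" \
                 "key_not_world_readable $dir/gitlab.key"; do
        if $check; then echo "ok   ${check%% *}"; else echo "FAIL ${check%% *}"; fi
    done
```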

The command line is great, but openssl can be a bit much if you just want to do the thing so you can move on to what you're really trying to do. I like TinyCA for those moments. It's a little GUI wrapper for openssl that makes generating self-signed certs a little less like casting a spell. There's also xca.

Smallstep has a free-for-dev certificate management solution that seems interesting.

Using Self-Signed Certificates

Testing Self-Signed Certificates