Wednesday, March 21, 2012

Create a self-signed SSL Certificate

1. Generating a private key:

openssl genrsa -des3 -out www.domain.com.key 2048 (with password)

openssl genrsa  -out www.domain.com.key 2048 (without password)

2. Generating Certificate Signing Request (CSR):

openssl req -new -key www.domain.com.key -out www.domain.com.csr

give your informations:

Country Name (2 letter code) [GB]:DE

State or Province Name (full name) [Berkshire]:Hessen  

Locality Name (eg, city) [Newbury]:Wiesbaden  

Organization Name (eg, company) [My Company Ltd]: Your Company Ltd 

Organizational Unit Name (eg, section) []:IT  

Common Name (eg, your name or your server's hostname) []:www.domain.com  

Email Address []:admin@domain.com  

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []: 

3. Generating a Self-Signed Certificate

openssl x509 -req -days 365 -in www.domain.com.csr -signkey www.domain.com.key  -out www.domain.com.crt

4. Installing the Private key and Certificate in Apache configuration file:

SSLEngine On

SSLCertificateFile www.domain.com.crt

SSLCertificateKeyFile www.domain.com.key

5. Restart Apache Service

/etc/init.d/apache2 restart