How to create a Self-Signed SSL Certificate
I will explain here how to create a self-signed ssl certificate for testing purposes. I am skipping the usual explanation of the technique, since you already know it.
Generate Private Key
The first step is to create the RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.
$ openssl genrsa -des3 -out domain.key 1024
Generating RSA private key, 1024 bit long modulus
e is 69834 (0x10001)
Enter PEM pass phrase:
Verifying password – Enter PEM pass phrase:
Generate Certificate Signing Request or commonly known as CSR
$ openssl req -new -key domain.key -out domain.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Country Name (2 letter code) [XX]:NU
State or Province Name (full name) :ON
Locality Name (eg, city) [Default City]:NY
Organization Name (eg, company) [Default Company Ltd]:NixUSer.com
Organizational Unit Name (eg, section) :Online
Common Name (eg, your name or your server’s hostname) :NixUSer.com
Email Address :admin@NixUSer.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password :xxxx
An optional company name :NU
Remove Passphrase from Key
If the passphrase is not removed, you have to type in the passphrase every time the apache web server is restarted.
$ cp domain.key domain.key.original
$ openssl rsa -in domain.key.original -out domain.key
The newly created domain.key file will not have passphrase in it.
Generate Self-Signed Certificate
To generate a self-signed certificate valid for 500 days, use the command below.
openssl x509 -req -days 500 -in domain.csr -signkey domain.key -out domain.crt
Getting Private key
Now you can install the self-signed ssl certificate and test.