Create a Self-Signed Certificate for Apache

An SSL certificate contains information about you and the domain it secures. Let's imagine that you have a web hosting company called Spider, with the details shown below.

Country Name (2 letter code):		UK
State or Province Name (full name):	Surrey
Location Name (city):			Camberley
Organisation Name (company):		Spider Web Hosting
Organisation Unit Name (section):	IT Support
Common Name (your domain name):
Email Address ():			[email protected]

A challenge password: 			leave blank
An optional company name: 		leave blank

Generate a Private Key and Certificate Signing Request

Here we generate a Certificate Signing Request and populate it with our details. The -nodes flag tells openssl to create a private key that does not require a pass-phrase. Omitting this flag means you will be prompted for a pass-phrase every time you use the key. If the key is installed on Apache, that means entering it every time the Apache service is restarted.

openssl req -new -nodes >

The above command will generate the CSR and the private key in your current directory.

Generate the Certificate

To generate a certificate, you need a Certificate Signing Request and a private key. The command below creates a certificate valid for 365 days, called within your current working directory.

openssl x509 -in -out -req -signkey privkey.pem -days 365

Make sure that the private key is not world-readable but the certificate is.

chmod go-rwx

The above command removes read, write and execute permissions from the group and other users.
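
The whole procedure above as a non-interactive script, followed by a check of the result. This is an added example, not the original post's commands: the names server.csr and server.crt, the common name passed in, and the explicit -newkey rsa:2048, -subj, -keyout and -out options are assumptions made here; privkey.pem and the subject details are the ones this page uses.

```shell
#!/bin/sh
# Added example. server.csr, server.crt and the CN argument are assumed names;
# privkey.pem and the subject fields are taken from the page.

# make_selfsigned DIR CN: key + CSR, then a certificate signed with that key.
make_selfsigned() {
    dir=$1 cn=$2
    (
        umask 077   # the key is never readable by others, even briefly
        openssl req -new -nodes -newkey rsa:2048 \
            -subj "/C=UK/ST=Surrey/L=Camberley/O=Spider Web Hosting/OU=IT Support/CN=$cn" \
            -keyout "$dir/privkey.pem" -out "$dir/server.csr" 2>/dev/null &&
        openssl x509 -req -in "$dir/server.csr" -signkey "$dir/privkey.pem" \
            -days 365 -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod go-rwx "$dir/privkey.pem"   # private key: owner only
    chmod a+r "$dir/server.crt"       # certificate: readable by everyone
}

# check_pair DIR: prints "ok", or the first failed check and returns non-zero.
check_pair() {
    key=$1/privkey.pem crt=$1/server.crt
    # 1. The certificate must carry the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || { echo "unreadable key"; return 1; }
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || { echo "unreadable cert"; return 1; }
    [ "$kpub" = "$cpub" ] || { echo "key and certificate do not match"; return 1; }
    # 2. Self-signed means issuer and subject are the same name.
    subj=$(openssl x509 -in "$crt" -noout -subject)
    iss=$(openssl x509 -in "$crt" -noout -issuer)
    [ "${subj#subject}" = "${iss#issuer}" ] || { echo "not self-signed"; return 1; }
    # 3. Still inside its validity window.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || { echo "expired"; return 1; }
    # 4. Permissions: no group/other bits on the key, world-read on the cert.
    case $(ls -ld "$key") in ????------*) ;; *) echo "key readable by group/other"; return 1 ;; esac
    case $(ls -ld "$crt") in ???????r*) ;; *) echo "certificate not world-readable"; return 1 ;; esac
    echo ok
}
```

check_pair prints ok only when every check passes, so it can be run again after copying the files into place for Apache.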
