Contained within an SSL certificate is information that pertains to you and your secured domain. Lets imaging that you have a web hosting company called Spider and the details for which are shown below.
Country Name (2 letter code): UK State or Province Name (full name): Surrey Location Name (city): Camberley Organisation Name (company): Spider Web Hosting Organisation Unit Name (section): IT Support Common Name (your domain name): spiderwebhosting.com Email Address (): [email protected] A challenge password: leave blank An optional company name: leave blank
Generate a Private Key and Certificate Signing Request
Here we generate a Certificate Signing Request and populate it with our details. The
-nodes flag tells openssl to create a private key that does not require a pass-phrase. Emitting this flag will prompt for a pass-phrase every time you use it. If installing it on Apache, this will mean entering it every time the Apache service is restarted.
openssl req -new -nodes > spiderwebhosting.com.csr
The above command will generate the CSR and the private key in your current directory.
Generate the Certificate
To generate a certificate, you need a Certificate Signing Request and a private key. The output of the below command will create a certificate valid for 365 days, called spiderwebhosting.com.cert within your current working directory.
openssl x509 -in spiderwebhosting.com.csr -out spiderwebhosting.com.cert -req -signkey privkey.pem -days 365
Make sure that the private key is not world-readable but the certificate is.
chmod go-rwx spiderwebhosting.com.cert
The above command removes read, write and execute permissions from the group and other users.
Linux.com: Creating Self-Signed SSL Certificates for Apache on Linux
Hosting.com: Generate a Self-signed SSL in Linux
Unix and Linux System Administration, fourth edition; Nemeth Snyder Hein Whaley.
The Most Common OpenSSL Commands
What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?
Generating 2048-bit CSR with OpenSSL