Generate a Self-Signed SSL Certificate

First, determine the name to be used for the key. For a webserver, use the fully qualified domain name. For a more general key (*.mydomain.com), just use the domain. The following example creates a general purpose 2048-bit key for jross.org that is valid for 10 years. Generate a private key and secure it with a passphrase. This passphrase will be temporarily.

openssl genrsa -des3 -out jross.org.key 2048

Generate the certificate signing request.

openssl req -new -key jross.org.key -out jross.org.csr

Answer the questions as prompted

  • Country Name: US
  • State or Province Name: Michigan
  • Locality Name (eg, city) [Default City]:Detroit
  • Organization Name: Jonathan E. Ross
  • Organizational Unit Name: JRoss.org
  • Common Name: *.jross.org
  • Email Address: something@jross.org
  • A challenge password: (leave blank)
  • An optional company name: (leave blank)

Remove the temporary passphrase from the private key.

cp jross.org.key jross.org.key.org
openssl rsa -in jross.org.key.org -out jross.org.key
rm jross.org.key.org

Sign the certificate signing request ourselves.

openssl x509 -req -days 3650 -in jross.org.csr -signkey jross.org.key -out jross.org.crt