SSL how to: self-signed SSL certifiate creation with open ssl

SSL certificates are widely used in the Internet by different services, so we should be able to create SSL certificates. In my other article I have described how to get free SSL certificate from StartSSL. It is freee, but process is quite complicated anyway and they are providing certificates non-commercial project only. The other way to get certificate is to generate self-signed SSL certificate. That is what I am going to describe in this article and going to use it in my future articles and scripts.

So, lets go forward and create our key and certificate:

Step 1: Create key for the cerificate.

$ openssl genrsa -out key.pem 1024

Step2: Create certificate. Pay attention that as answer to "Common Name": you should put host name of the server you are creating certificate for.

$ openssl req -new -key key.pem -out request.pem

   Country Name (2 letter code) [AU]:UA
   State or Province Name (full name) [Some-State]:
   Locality Name (eg, city) []:Kiev
   Organization Name (eg, company) [Internet Widgits Pty Ltd]:site4fast blog
   Organizational Unit Name (eg, section) []:.
   Common Name (eg, YOUR name) []:site4fast.example.net
   Email Address []:site4fast@example.net

   Please enter the following 'extra' attributes
   to be sent with your certificate request
   A challenge password []:
   An optional company name []:

Step3: Sign certificate.

$ openssl x509 -req -days 30 -in request.pem -signkey key.pem -out certificate.pem

This will create "self-signed certificate". While this will be enough for testing purposes, you may want your certificate to be signed by one of certification authorities like StartSSL, VeriSign, Comodo or other.