SSL certificates are widely used in the Internet by different services, so we should be able to create SSL certificates. In my other article I have described how to get free SSL certificate from StartSSL. It is freee, but process is quite complicated anyway and they are providing certificates non-commercial project only. The other way to get certificate is to generate self-signed SSL certificate. That is what I am going to describe in this article and going to use it in my future articles and scripts.
So, lets go forward and create our key and certificate:
Step 1: Create key for the cerificate.
$ openssl genrsa -out key.pem 1024
Step2: Create certificate. Pay attention that as answer to "Common Name": you should put host name of the server you are creating certificate for.
$ openssl req -new -key key.pem -out request.pem Country Name (2 letter code) [AU]:UA State or Province Name (full name) [Some-State]: Locality Name (eg, city) :Kiev Organization Name (eg, company) [Internet Widgits Pty Ltd]:site4fast blog Organizational Unit Name (eg, section) :. Common Name (eg, YOUR name) :site4fast.example.net Email Address :firstname.lastname@example.org Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
Step3: Sign certificate.
$ openssl x509 -req -days 30 -in request.pem -signkey key.pem -out certificate.pem
This will create "self-signed certificate". While this will be enough for testing purposes, you may want your certificate to be signed by one of certification authorities like StartSSL, VeriSign, Comodo or other.