Generate SSL certificates

To use HTTPS for web traffic, you will need to obtain a valid Apache SSL certificate.

When generating an Apache (mod_ssl) SSL certificate, you have two options:

Regardless of which option you select, the process is almost identical.

  1. Know the fully qualified domain name (FQDN) of the website for which you want to request a certificate. If you want to access your site through https://www.example.com, then the FQDN of your website is www.example.com.
    Note: This is also known as your common name.
  2. Generate the key with the OpenSSL genrsa command.
    • openssl genrsa -out www.example.com.key 1024

    This command generates a 1024-bit RSA private key and stores it in the file www.example.com.key.

    Tip: Back up your www.example.com.key file, because without this file your SSL certificate will not be valid.
  3. Generate the CSR with the OpenSSL req command.
    • openssl req -new -key www.example.com.key -out www.example.com.csr

    This command will prompt you for the X.509 attributes of your certificate. Give the fully qualified domain name, such as www.example.com, when prompted for Common Name.

    Note: Do not enter your personal name here. You are requesting a certificate for a web server, so the Common Name has to match the FQDN of your website.
  4. Generate a self-signed certificate.
    • openssl x509 -req -days 370 -in www.example.com.csr -signkey www.example.com.key -out www.example.com.crt

    This command will generate a self-signed certificate in www.example.com.crt.

You will now have an RSA private key in www.example.com.key, a Certificate Signing Request in www.example.com.csr, and an SSL certificate in www.example.com.crt. The self-signed SSL certificate that you generated will be valid for 370 days.
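
The following script is an added example, not part of the original page. It runs steps 2 to 4 without interactive prompts and then checks that the key, CSR and certificate all carry the same public key and that the certificate names the FQDN. It assumes a 2048-bit key (the minimum publicly trusted CAs accept) instead of the 1024 bits used above; the function names and the -subj value are also assumptions made for this example.

```shell
#!/bin/sh
# Added example; the -subj value and BITS are assumptions, not from the page.
FQDN="www.example.com"   # the page's example common name
BITS=2048                # assumption: stronger than the page's 1024-bit key

# Steps 2-4 in directory $1, non-interactive; umask keeps the key owner-only.
generate_selfsigned() (
    umask 077
    cd "$1" || exit 1
    openssl genrsa -out "$FQDN.key" "$BITS" 2>/dev/null &&
    openssl req -new -key "$FQDN.key" -subj "/CN=$FQDN" -out "$FQDN.csr" &&
    openssl x509 -req -days 370 -in "$FQDN.csr" -signkey "$FQDN.key" \
        -out "$FQDN.crt" 2>/dev/null
)

# Print the RSA modulus held in a key, CSR or certificate file.
modulus_of() {
    case $1 in
        *.key) openssl rsa  -noout -modulus -in "$1" ;;
        *.csr) openssl req  -noout -modulus -in "$1" ;;
        *.crt) openssl x509 -noout -modulus -in "$1" ;;
    esac 2>/dev/null
}

# Succeed only if key, CSR and certificate in directory $1 share one public key.
files_match() {
    k=$(modulus_of "$1/$FQDN.key")
    [ -n "$k" ] &&
    [ "$k" = "$(modulus_of "$1/$FQDN.csr")" ] &&
    [ "$k" = "$(modulus_of "$1/$FQDN.crt")" ]
}

# Succeed only if the certificate subject in file $1 contains the name $2.
cert_has_cn() { openssl x509 -noout -subject -in "$1" | grep -F -q "$2"; }

# Demo run in a throwaway directory.
demo=$(mktemp -d)
generate_selfsigned "$demo" && files_match "$demo" &&
    cert_has_cn "$demo/$FQDN.crt" "$FQDN" &&
    echo "key, CSR and certificate match for $FQDN"
rm -rf "$demo"
```

Running files_match against a restored backup of the key is a quick way to confirm that the backup is the key the certificate was issued for.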