Generate SSL certificates

To use HTTPS for web traffic, you will need to obtain a valid Apache SSL certificate.

When generating an Apache (mod_ssl) SSL certificate, you have two options:

Regardless of which option you select, the process is almost identical.

  1. Know the fully qualified domain name (FQDN) of the website for which you want to request a certificate. If you want to access your site through, then the FQDN of your website is
    Note: This is also known as your common name.
  2. Generate the key with the SSL genrsa command.
    • openssl genrsa -out 1024

    This command generates a 1024 bit RSA private key and stores it in the file

    Tip: Back up your file, because without this file your SSL certificate will not be valid.
  3. Generate the CSR with SSL req command.
    • openssl req -new -key -out

    This command will prompt you for the X.509 attributes of your certificate. Give the fully qualified domain name, such as, when prompted for Common Name.

    Note: Do not enter your personal name here. It is requesting a certificate for a webserver, so the Common Name has to match the FQDN of your website.
  4. Generate a self-signed certificate.
    • openssl x509 -req -days 370 -in -signkey -out

    This command will generate a self-signed certificate in

You will now have an RSA private key in, a Certificate Signing Request in, and an SSL certificate in The self-signed SSL certificate that you generated will be valid for 370 days.