Creating a self-signed SSL certificate

Without a CA:
- $ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out server.crt -keyout server.key
- Set the Common Name (CN) to the FQDN and enter "." for everything else.
Creating a CA and sign a server certificate with it:
- $ openssl req -new -x509 -sha256 -newkey rsa:2048 -days 10000 -nodes -out myCA.crt -keyout myCA.key
- Set the Common Name (CN) to something like "ACME root certificate" and enter "." for everything else.
- $ openssl genrsa -out server.key 2048
- $ openssl req -new -key server.key -out server.csr
- Set the Common Name (CN) to the FQDN and enter "." for everything else.
- $ openssl x509 -req -sha256 -in server.csr -CA myCA.crt -CAkey myCA.key -CAcreateserial -out server.crt -days 10000
Put files server.crt and server.key to /etc/httpd/ (on Slackware) and set their permissions to 400.

Navigation menu