1. Generate a private key
openssl genrsa -out server.key 1024
(If you’re concerned about security you should also look at the
-rand options – see here - otherwise I’ve found this works fine for testing.)
2. Generate a certificate signing request
openssl req -new -key server.key -out server.csr
Answer the questions when prompted – e.g.
- Country Name: UK
- State or Province Name: England
- Locality Name: blank
- Organization Name: DaveJamesMiller.com
- Organizational Unit Name: blank
- Common Name: secure.davejamesmiller.com (Enter the domain name)
- Email Address: firstname.lastname@example.org
The only one that really matters for a self-signed certificate is the Common Name field, which should be set to the domain name.
3. Self-sign the certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
This will be valid for 365 days, but you could increase that if you want to.
4. Configure Apache
This will depend on how your distro is set up, but it will look something like this:
<VirtualHost *:443> ServerName secure.davejamesmiller.com DocumentRoot /var/www/secure/ SSLEngine on SSLCertificateFile /path/to/server.crt SSLCertificateKeyFile /path/to/server.key </VirtualHost>