To quickly generate a self-signed certificate, follow the steps below. Note that self-signed certificates should be avoided in production environments.
Generate the private key (here, 1024-bit is used, but you can change that to lower/higher):
openssl genrsa –out ca.key 1024
Generate the certificate signing request:
openssl req –new –key ca.key –out ca.csr
You will be asked for information to include in the signing request:
Note that for internal use, there's no need for the info to be accurate.
Once the CSR has been generated, you can self-sign (= create) the corresponding certificate:
openssl x509 –req –days 365 –in ca.csr –signkey ca.key –out ca.crt
After signing the certificate, the CSR is no longer needed. For use with Apache, you need the private key (ca.key) and certificate file (ca.crt).