by lunarg on July 23rd 2019, at 09:54

To quickly generate a self-signed certificate, follow the steps below. Note that self-signed certificates should be avoided in production environments.

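Generate the private key (1024-bit is used here; change the number to choose a lower or higher key size, keeping in mind that RSA keys shorter than 2048 bits are no longer considered secure):

openssl genrsa -out ca.key 1024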

Generate the certificate signing request:

openssl req -new -key ca.key -out ca.csr

You will be asked for information to include in the signing request:

  • Country name (2 letters)
  • State or province
  • Full locality name (city)
  • Organization name
  • Department / organizational unit
  • Common name (or distinguished name): should be set to the FQDN of your server
  • E-mail address: set to a local contact (usually the system admin)

Note that for internal use, there's no need for the info to be accurate.

Once the CSR has been generated, you can self-sign (= create) the corresponding certificate:

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

After signing the certificate, the CSR is no longer needed. For use with Apache, you need the private key (ca.key) and certificate file (ca.crt).
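
The three steps above as a non-interactive script, followed by checks that the key and certificate belong together, that the certificate is self-signed and that it has not expired. This is an added example, not part of the original post; the function names, the -subj option in place of the prompts, and the 2048-bit default are assumptions made here.

```shell
#!/bin/sh
# Added example: the page's three openssl steps, scripted, plus sanity checks.
# Assumptions (not from the page): function names, -subj, 2048-bit default.

make_selfsigned() {   # usage: make_selfsigned DIR FQDN [BITS] [DAYS]
    dir=$1; fqdn=$2; bits=${3:-2048}; days=${4:-365}
    mkdir -p "$dir" || return 1
    (
        umask 077     # the key file is created readable by its owner only
        cd "$dir" || exit 1
        openssl genrsa -out ca.key "$bits" 2>/dev/null || exit 1
        # -subj answers the CSR prompts; CN is the server's FQDN
        openssl req -new -key ca.key -out ca.csr -subj "/CN=$fqdn" || exit 1
        openssl x509 -req -days "$days" -in ca.csr -signkey ca.key \
            -out ca.crt 2>/dev/null || exit 1
        rm -f ca.csr  # the CSR is no longer needed after signing
    )
}

check_selfsigned() {  # usage: check_selfsigned DIR ; returns 0 if all checks pass
    key=$1/ca.key; crt=$1/ca.crt
    # 1. The certificate's public key belongs to this private key.
    km=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) || return 1
    cm=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null) || return 1
    [ "$km" = "$cm" ] || { echo "key and certificate do not match" >&2; return 1; }
    # 2. Self-signed: issuer and subject carry the same name.
    iss=$(openssl x509 -in "$crt" -noout -issuer) || return 1
    sub=$(openssl x509 -in "$crt" -noout -subject) || return 1
    [ "${iss#issuer=}" = "${sub#subject=}" ] || { echo "not self-signed" >&2; return 1; }
    # 3. The certificate has not expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null || { echo "expired" >&2; return 1; }
}

# Usage: make_selfsigned ./tls www.example.internal && check_selfsigned ./tls
```

Running check_selfsigned before reloading Apache catches the common mistake of pairing ca.crt with a key file that was regenerated afterwards.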