Creating a self-signed SSL certificate on Linux

The exact commands for generating a self-signed SSL certificate on Linux are something I always forget, so here they are:

Generating a private key

First you need to generate a private key. This private key will be the only key that can decrypt your SSL traffic.

$ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out server.key
$ rm server.pass.key

Generating a CSR (Certificate Signing Request)

Using the private key you generated a moment ago, you must now create a CSR (Certificate Signing Request). In most cases you can just use the default values for everything except the common name. The common name is usually the domain of your website.

$ openssl req -new -key server.key -out server.csr

Signing the certificate

Normally you would pass the CSR to a CA (Certificate Authority), which would sign it for you. With the following command you sign the certificate yourself instead.

$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
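
The three steps above as one non-interactive script, followed by checks that the result is what was intended. This is an added example, not part of the original post; example.test and the function names are placeholders. It also sets a subjectAltName, because current browsers and TLS libraries match the host name against that field rather than the common name.

```shell
#!/bin/sh
# Added example, not from the original post. "example.test" and the
# function names are placeholders chosen for this illustration.

# make_selfsigned DIR CN: write server.key, server.csr and server.crt to DIR.
# Runs in a subshell so the umask and cd do not leak into the caller.
make_selfsigned() (
    umask 077    # server.key is stored unencrypted, so keep it owner-only
    cd "$1" || exit 1
    # Step 1: without a cipher option genrsa writes an unencrypted key,
    # which is what the genrsa -des3 / rsa pair ends up with.
    openssl genrsa -out server.key 2048 2>/dev/null || exit 1
    # Step 2: -subj answers the prompts; only the common name is set.
    openssl req -new -key server.key -subj "/CN=$2" -out server.csr || exit 1
    # Step 3: self-sign; the subjectAltName is supplied at signing time.
    printf 'subjectAltName=DNS:%s\n' "$2" > san.ext
    openssl x509 -req -days 365 -in server.csr -signkey server.key \
        -extfile san.ext -out server.crt 2>/dev/null || exit 1
    rm -f san.ext
)

# key_matches_cert DIR: the certificate carries the key's public modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1/server.key") || return 1
    c=$(openssl x509 -noout -modulus -in "$1/server.crt") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# issuer_is_subject DIR: issuer and subject names are identical, as they
# are for a certificate signed with its own key instead of by a CA.
issuer_is_subject() {
    s=$(openssl x509 -noout -subject -in "$1/server.crt" | sed 's/^subject= *//')
    i=$(openssl x509 -noout -issuer -in "$1/server.crt" | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# has_san DIR NAME: NAME is listed as a DNS subjectAltName.
has_san() {
    openssl x509 -noout -text -in "$1/server.crt" | grep -qF "DNS:$2"
}

# Demo run in a fresh temporary directory.
d=$(mktemp -d) && make_selfsigned "$d" example.test &&
    key_matches_cert "$d" && issuer_is_subject "$d" &&
    has_san "$d" example.test && echo "checks passed: $d/server.crt"
```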