Creating a self-signed SSL certificate for Apache
by Brian on Aug.06, 2005, under Mac OSX, OpenBSD
To support https transactions in Apache, you will need to generate an RSA certificate.
# openssl genrsa -out /etc/ssl/private/server.key 1024
Or, if you wish the key to be encrypted with a passphrase that you will have to type in when starting servers
# openssl genrsa -des3 -out /etc/ssl/private/server.key 1024
The next step is to generate a Certificate Signing Request which is used
to get a Certifying Authority (CA) to sign your certificate. To do this
use the command:
# openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr
This server.csr file can then be given to Certifying Authority who will sign the key.
You can also sign the key yourself, using the command:
# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt