Create an SSL Certificate/Old
From charlesreid1
Installing
Prerequisites
In order to create your own SSL certificate, you'll need OpenSSL installed on your machine.
Creating a Certificate Authority
Typically, a company will pay hundreds or thousands of dollars to a Certificate Authority, and in return that company's website will be granted an "official" signed SSL Certificate.
A signed SSL Certificate means the SSL Certificate is trusted by an authority. This makes it possible to make secure connections between a user and a server.
To create a new CA:
<syntaxhighlight>
$ /usr/local/ssl/misc/CA.pl -newca
</syntaxhighlight>
If you want to go back and change information about the CA certificate (e.g. the number of days it will be valid), you can re-sign it with the CA key:
<syntaxhighlight>
$ openssl x509 -in demoCA/cacert.pem -days 1024 -out cacert.pem -signkey demoCA/private/cakey.pem
$ cp cacert.pem demoCA
</syntaxhighlight>
Generating the Server Certificate
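This creates a private key and a certificate request for your server. The request is then signed by the CA (normally someone like Verisign, but in this case YOU).
The "-nodes" option writes the private key unencrypted, which prevents the passphrase from being required at each reboot. Keep FOO-key.pem readable only by the account that runs the server. The "-days" option has no effect on a request; the validity period is set when the CA signs it.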
<syntaxhighlight>
$ openssl req -new -nodes \
  -subj '/CN=mydomain.com/O=Blah blah blah/C=US/ST=State/L=Place/emailAddress=username@somewhere.com' \
  -keyout FOO-key.pem -out FOO-req.pem -days 3650
</syntaxhighlight>
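Note above that "/O=Blah blah blah" must match the name given in the original CA. For example, "/O=blahblahblah." will not work. It must be exact. The check comes from the "policy_match" section of the stock openssl.cnf, which requires the organization name in the request to match the one in the CA certificate (it applies the same rule to C and ST).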
Signing the Server Certificate
Once you've created the server certificate, it's time to sign it using the certificate authority power, which we granted ourselves.
<syntaxhighlight>
$ openssl ca -out FOO-cert.pem -infiles FOO-req.pem
</syntaxhighlight>
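The exact-match rule on the O field is enforced at this signing step. The script below is an added example, not part of the original page: it builds a throwaway CA non-interactively ("openssl req -x509" stands in for "CA.pl -newca"), then signs one request whose O matches the CA and one with a trailing dot, and verifies the result against the CA certificate. The names "Example Org", "mydomain.example", "ca.cnf" and "try_sign" are constructed for the demo, and it assumes the openssl command with its default openssl.cnf is installed.

```shell
# Added example: throwaway CA with constructed names in a 0700 scratch directory.
DEMO=$(mktemp -d) || exit 1
mkdir -p "$DEMO/demoCA/private" "$DEMO/demoCA/newcerts"
: > "$DEMO/demoCA/index.txt"                                # empty certificate database
echo 'unique_subject = no' > "$DEMO/demoCA/index.txt.attr"  # allow re-issuing a subject
echo 01 > "$DEMO/demoCA/serial"                             # first serial to issue
# Minimal "openssl ca" config; the policy mirrors the stock policy_match section.
cat > "$DEMO/ca.cnf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database      = $DEMO/demoCA/index.txt
new_certs_dir = $DEMO/demoCA/newcerts
serial        = $DEMO/demoCA/serial
certificate   = $DEMO/demoCA/cacert.pem
private_key   = $DEMO/demoCA/private/cakey.pem
default_md    = sha256
default_days  = 30
policy        = policy_match
[ policy_match ]
countryName         = match
stateOrProvinceName = match
organizationName    = match
commonName          = supplied
EOF

# Self-signed CA certificate (non-interactive stand-in for "CA.pl -newca").
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
  -subj '/C=US/ST=State/O=Example Org/CN=Demo CA' \
  -keyout "$DEMO/demoCA/private/cakey.pem" \
  -out "$DEMO/demoCA/cacert.pem" >/dev/null 2>&1

# try_sign ORG: make a request with O=ORG, sign it, verify it; prints signed/rejected.
try_sign() {
  d=$(mktemp -d "$DEMO/req.XXXXXX") || return 1
  if openssl req -new -newkey rsa:2048 -nodes \
       -subj "/C=US/ST=State/O=$1/CN=mydomain.example" \
       -keyout "$d/key.pem" -out "$d/req.pem" >/dev/null 2>&1 &&
     openssl ca -config "$DEMO/ca.cnf" -batch -notext \
       -out "$d/cert.pem" -infiles "$d/req.pem" >/dev/null 2>&1 &&
     openssl verify -CAfile "$DEMO/demoCA/cacert.pem" "$d/cert.pem" >/dev/null 2>&1
  then echo signed
  else echo rejected
  fi
}

try_sign 'Example Org'     # same O as the CA
try_sign 'Example Org.'    # trailing dot: the policy check refuses to sign
```

Delete the scratch directory in $DEMO afterwards, since it holds unencrypted private keys.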