How to create our web SSL Certificate

Self-signed SSL certificate

In my workday sometimes I had have to create a self-signed SSL certificate (.key and .crt files) to publish a website through Apache or Nginx. I will explain the process in three simple steps:

  • Generate private key without password
openssl genrsa 1024 > web.key
  • Generate a CSR (Certificate Signing Request), this contains all our data to be populated with our certificate:
openssl req -new -key web.key -out web.csr
  • Now we can generate our Self-Signed Certificate valid for 10,000 days:
openssl req -x509 -days 10000 -key web.key -in web.csr -out web.crt

StartSSL certificate

StartSSL.com gives free certificates for subdomains (not wilcard certificates). And is a well known “Certificate Authority” for all common browsers.

You have to sign up at StartSSL.com who will send you a .p12 certificate to authenticate you from your browser, when you log in.

To create a Private Key Certificate go to Certificates wizard > Web Server SSL/TLS certificate, and ask for it.

You will download your ‘server.key’ file for your domain with password. In order to remove server.key password (need that to publish on web):

sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key

Name it as “sudomain.myserver.key”

Hours later you can get .crt file at: Toolbox > Retrieve Certificate

In order to run in all browsers you have to add the Intermediate StartSSL Cert at the end of your .crt file. You can get this .pem at: Toolbox > StartCom CA Certificates > Class 1 Intermediate Server CA

Name it as “sudomain.myserver.crt”

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>