How to create our web SSL Certificate

Self-signed SSL certificate

In my workday I have sometimes had to create a self-signed SSL certificate (.key and .crt files) to publish a website through Apache or Nginx. I will explain the process in three simple steps:

  • Generate a private key without a password:
openssl genrsa -out web.key 2048
  • Generate a CSR (Certificate Signing Request), which contains all the data that will be placed in our certificate:
openssl req -new -key web.key -out web.csr
  • Now we can generate our Self-Signed Certificate valid for 10,000 days:
openssl req -x509 -days 10000 -key web.key -in web.csr -out web.crt

StartSSL certificate

StartSSL.com gives free certificates for subdomains (not wildcard certificates) and is a well-known “Certificate Authority” for all common browsers.

You have to sign up at StartSSL.com, which will send you a .p12 certificate that authenticates you from your browser when you log in.

To create a private key and certificate, go to Certificates wizard > Web Server SSL/TLS certificate and request it.

You will download the ‘server.key’ file for your domain, protected with a password. To remove the password from server.key (this is needed to publish on the web):

sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key

Name it “subdomain.myserver.key”.

Hours later you can get the .crt file at: Toolbox > Retrieve Certificate

For the certificate to work in all browsers, you have to add the Intermediate StartSSL Cert at the end of your .crt file. You can get this .pem at: Toolbox > StartCom CA Certificates > Class 1 Intermediate Server CA

Name it “subdomain.myserver.crt”.
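Before pointing Apache or Nginx at either pair (the self-signed web.key/web.crt or the StartSSL key with its password removed), it helps to confirm that the key really is passphrase-free, that the certificate was issued for that key, and that it has not expired. The script below is an added example, not part of the original post; the function names and the 2048-bit minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-deployment checks for a key/certificate pair.
# File names follow the article; function names are hypothetical.

# True if the PEM key is still passphrase-protected (the web server would prompt at start).
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Print the key size in bits, e.g. 2048.
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# True if the certificate's public key is the one derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run all checks; returns non-zero on the first failure.
check_pair() {
    crt=$1 key=$2
    if key_is_encrypted "$key"; then
        echo "FAIL: $key still has a passphrase" >&2; return 1
    fi
    bits=$(key_bits "$key")
    if [ "${bits:-0}" -lt 2048 ]; then   # assumed minimum for this example
        echo "FAIL: $key is ${bits:-unknown} bits, want >= 2048" >&2; return 1
    fi
    if ! cert_matches_key "$crt" "$key"; then
        echo "FAIL: $crt was not issued for $key" >&2; return 1
    fi
    if ! openssl x509 -in "$crt" -noout -checkend 0 >/dev/null; then
        echo "FAIL: $crt has expired" >&2; return 1
    fi
    echo "OK: $crt matches $key ($bits-bit), not expired"
}

# Usage: sh check_pair.sh web.crt web.key
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Because the intermediate certificate is appended at the end of the .crt file, `openssl x509` reads the server certificate first, so the match check still applies to the combined file.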