Self-signed SSL certificate
In my workday sometimes I had have to create a self-signed SSL certificate (.key and .crt files) to publish a website through Apache or Nginx. I will explain the process in three simple steps:
- Generate private key without password
openssl genrsa 1024 > web.key
- Generate a CSR (Certificate Signing Request), this contains all our data to be populated with our certificate:
openssl req -new -key web.key -out web.csr
- Now we can generate our Self-Signed Certificate valid for 10,000 days:
openssl req -x509 -days 10000 -key web.key -in web.csr -out web.crt
StartSSL.com gives free certificates for subdomains (not wilcard certificates). And is a well known “Certificate Authority” for all common browsers.
You have to sign up at StartSSL.com who will send you a .p12 certificate to authenticate you from your browser, when you log in.
To create a Private Key Certificate go to Certificates wizard > Web Server SSL/TLS certificate, and ask for it.
You will download your ‘server.key’ file for your domain with password. In order to remove server.key password (need that to publish on web):
sudo cp server.key server.key.org sudo openssl rsa -in server.key.org -out server.key
Name it as “sudomain.myserver.key”
Hours later you can get .crt file at: Toolbox > Retrieve Certificate
In order to run in all browsers you have to add the Intermediate StartSSL Cert at the end of your .crt file. You can get this .pem at: Toolbox > StartCom CA Certificates > Class 1 Intermediate Server CA
Name it as “sudomain.myserver.crt”