So let’s get started. You need to install OpenSSL. I am using Ubuntu 8.04 with Apache ver 2.
If you haven’t yet installed OpenSSL, you can do so by typing the following on your command prompt:
Most of the steps require administrator access so make sure that you have made yourself administrator using su or you are using sudo in front of all of the commands.
Now create your server.key file using the following command:
openssl genrsa -des3 -out server.key 4096
Now create a Certificate Signing Request (CSR) using the following command:
openssl req -new -key server.key -out server.csr
This certificate signing request can now be sent together with the server.key file to the Certificate Authority (CA).
If you are only going to use an SSL certificate internally or for testing purposes, you can sign the certificate yourself. Such certificates are called self-signed certificates. Use the following command to sign the certificate yourself:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The above command creates server.crt, which is the certificate signed by yourself. You can use it to secure all data transfer between your server and client. But your server.key still requires a password (the passphrase that you provided while creating the server.key file). Let’s create a version of the key which doesn’t need a password:
openssl rsa -in server.key -out server.key.insecure
Rename the original server.key file to server.key.secure to keep it safe:
mv server.key server.key.secure
Now rename server.key.insecure (the one which doesn’t require any password) to server.key:
mv server.key.insecure server.key
Now you are ready to use the server.key and server.crt to secure your web applications. If you don’t know how to use them, check out the next article on how to use Webmin to set up SSL for your website.
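The steps above as a non-interactive script, followed by a check of the resulting files; this is an added example and not part of the original article. The passphrase, the subject name, the function names and the file-mode check are assumptions of this example, and the CSR and certificate comparisons work because both carry only the public half of server.key.

```bash
#!/usr/bin/env bash
# Added example: repeat the steps above without prompts, then audit the result.
PASS='constructed-demo-passphrase'    # constructed value, demo only

# make_pair DIR [BITS]: the page's commands, run in DIR. -passout/-passin and
# -subj stand in for the interactive prompts; the subject is made up.
make_pair() {
    ( cd "$1" &&
      openssl genrsa -des3 -passout "pass:$PASS" -out server.key "${2:-4096}" &&
      openssl req -new -key server.key -passin "pass:$PASS" \
          -subj "/CN=demo.example.test" -out server.csr &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key \
          -passin "pass:$PASS" -out server.crt &&
      openssl rsa -in server.key -passin "pass:$PASS" -out server.key.insecure &&
      mv server.key server.key.secure &&
      mv server.key.insecure server.key ) >/dev/null 2>&1
}

# modulus rsa|req|x509 FILE: print the RSA public modulus held in FILE.
modulus() { openssl "$1" -in "$2" -noout -modulus 2>/dev/null; }

# check_pair KEY CRT CSR: print one line per problem, return 0 if none.
check_pair() {
    local bad=0 k
    if grep -q ENCRYPTED "$1"; then
        echo "key still needs a passphrase"; return 1
    fi
    k=$(modulus rsa "$1") && [ -n "$k" ] || { echo "cannot read key"; return 1; }
    # The CSR and the certificate carry only the public half of the key.
    [ "$k" = "$(modulus req "$3")" ]  || { echo "CSR does not match key"; bad=1; }
    [ "$k" = "$(modulus x509 "$2")" ] || { echo "certificate does not match key"; bad=1; }
    # Self-signed: issuer and subject names hash to the same value.
    [ "$(openssl x509 -in "$2" -noout -subject_hash)" = \
      "$(openssl x509 -in "$2" -noout -issuer_hash)" ] ||
        { echo "issuer differs from subject"; bad=1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; bad=1; }
    # With no passphrase, file mode is the key's only protection.
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ] ||
        { echo "key is accessible to group or other"; bad=1; }
    return $bad
}

# Demo in a scratch directory: run the script with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d) && make_pair "$d" && chmod 600 "$d/server.key" &&
        check_pair "$d/server.key" "$d/server.crt" "$d/server.csr" && echo "all checks passed"
    rm -rf "$d"
fi
```

Run `check_pair server.key server.crt server.csr` in the directory holding your own files to audit them without regenerating anything.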