SSL Certificates are used in a number of areas for securing communications between web servers, email clients, etc. Listed below are the steps to go through to generate an SSL Certificate.
For this example, we’ll use Apache web Server
cd /etc/apache2 mkdir ssl cd ssl openssl genrsa -out ssl.key 2048 (choose a pass phrase) ..# Private Key generation (add -des3 for triple DES encrytion)
NOTE: If a blank passphrase is used here (no encryption) then the key file should only be accessible by root. chmod 0400 ssl.key.
If the private key is generated with triple DES encryption, it HAS to have a password of at least 4 characters. If this is undesirable, it should be generate with another cipher, otherwise, the step below will create a copy of the key with no passphrase. NOTE: This should be done prior to creating a CSR.
cp ssl.key ssl.key.secure openssl rsa -in ssl.key.secure -out ssl.key
Creation of the Certificate Signing Request (CSR):
openssl req -new -key ssl.key -out ssl.csr
Then Enter all of the Fields:
Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Common Name (eg, YOUR name) []: Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: