My yearly self-signed SSL certificate for www.fendy.org has expired. It’s quite exciting that this is my fourth time generating my own certificate. That means I’ve already been using fendy.org for the past 4 years.

Maybe I should start to think of buying a recognised certificate from www.godaddy.com; after all, it is quite cheap nowadays for a single domain.

Anyway, I’m going to describe how to create a new SSL certificate. This does not cover the installation of Apache and mod_ssl.

* Previously, I had shown a considerably longer way to generate the certificate until I received a comment from www.devside.net. They showed me a better way to create a self-signed certificate.

If you are on Windows, you might want to check out devside’s page.

Generating the certificate

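Execute the following command in a Linux terminal. It generates a certificate signing request (server.csr) together with a new private key, which OpenSSL's default configuration writes to privkey.pem: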

openssl req -new -out server.csr

It will ask you a series of questions, starting with the pass phrase for the private key. Fill them all in accordingly. Eventually you will reach this line:

Common Name (eg, YOUR name) []:

Put your valid website domain name here, e.g. www.fendy.org. Then just follow the rest of the prompts until it finishes.

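The next step is to execute the following command, which writes a copy of the private key without the pass phrase so that Apache can start without prompting for it: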

openssl rsa -in privkey.pem -out server.key

Then self-sign the request with that key to produce a certificate valid for 365 days:

openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

The first part is now completed.

Copy them to the correct path/folder

Based on your Apache SSL conf file, put server.crt and server.key in the correct folders. Mine is as follows:

cp server.crt /usr/local/apache/conf/ssl.crt/
cp server.key /usr/local/apache/conf/ssl.key/

It’s done. Now you may need to stop and start the Apache daemon. My example is like this:

/usr/local/apache/bin/apachectl stop
/usr/local/apache/bin/apachectl startssl

There you have it, a newly generated certificate that can last for another year.
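A way to check the generated files, as an added example that is not part of the original post: it confirms that server.crt and server.key belong together, that the certificate is not about to expire, and that the key (which no longer has a pass phrase) is not readable by other users. The function names, the 30-day threshold, the throwaway pass phrase and the common name passed to make_sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity checks for server.crt / server.key before they go to Apache.

# Constructed sample: the page's three commands, made non-interactive.
# $1 = empty directory, $2 = common name. The pass phrase "example" is a throwaway.
make_sample() {
    ( cd "$1" &&
      openssl req -new -newkey rsa:2048 -passout pass:example -subj "/CN=$2" \
          -keyout privkey.pem -out server.csr &&
      openssl rsa -in privkey.pem -passin pass:example -out server.key &&
      openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
    ) >/dev/null 2>&1
}

# True when the certificate ($1) and private key ($2) carry the same public key.
cert_matches_key() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    # -passin pass: makes a still-encrypted key fail here instead of prompting.
    from_key=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# True when the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True when group and others have no permissions on the key file ($1).
# server.key has no pass phrase, so file permissions are its only protection.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks and report; non-zero exit status if any fails.
verify_pair() {
    rc=0
    cert_matches_key "$1" "$2"  || { echo "FAIL: $2 does not match $1"; rc=1; }
    cert_valid_for_days "$1" 30 || { echo "FAIL: $1 expires within 30 days"; rc=1; }
    key_is_private "$2"         || { echo "FAIL: $2 is readable by group/others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2"
    return "$rc"
}

# Usage: sh verify.sh server.crt server.key
if [ "$#" -eq 2 ]; then verify_pair "$1" "$2"; fi
```

If the permission check fails, chmod 600 on server.key fixes it. Running the script from cron with a larger day count gives a reminder before the yearly expiry.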

I learned and corrected it.
