Creating your own self-signed SSL/TLS certificate

By Faramarz Salehpour

The following has been extracted from How To Create a SSL Certificate on nginx for Ubuntu 12.04

We should first create a private key for the server:

sudo openssl genrsa -des3 -out server.key 1024

Then we need to create a certificate signing request, remember to enter your domain name when you're asked for "Common Name" and leave password and optional company name empty:

sudo openssl req -new key server.key -out server.csr

for use in nginx it's better to remove the pass-phrase from the key:

sudo cp server.key server.key.org
sudo openssl rsa -in server.key.org -out server.key

and finally sign the certificate for a year or so:

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt