
Let's get started. First, create RSA key.
$ openssl genrsa -des3 -out server.key Generating RSA private key, 512 bit long modulus ....++++++++++++ ...................................................++++++++++++ e is 65537 (0x10001) Enter pass phrase for server.key: KUNCINYA Verifying - Enter pass phrase for server.key: KUNCINYA
Please remember the pass phrase that You typed. Next, create Certificate Signing Request (CSR).
$ openssl req -new -key server.key -out server.csr Enter pass phrase for server.key: KUNCINYA You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:ID State or Province Name (full name) [Some-State]:DKI Locality Name (eg, city) []:Jakarta Organization Name (eg, company) [Internet Widgits Pty Ltd]:ARDHYWWW Organizational Unit Name (eg, section) []:Development Common Name (eg, YOUR name) []:Ardhy Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []:
Then, create the backup of server.key as server.key.org, the remove the pass phrase from the key. This is usually used to avoid pass phrase being asked by Apache each time it's started.
$ cp server.key server.key.org $ openssl rsa -in server.key.org -out server.key Enter pass phrase for server.key.org: KUNCINYA writing RSA key
OK! Next, self-sign the CSR.
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt Signature ok subject=/C=ID/ST=DKI/L=Jakarta/O=ARDHYWWW/OU=Development/CN=Ardhy Getting Private key
Now, install it in Nginx or Apache SSL configuration file.