How to Make a Self-Signed SSL Certificate
Issue the following command to install required packages for OpenSSL, the open source SSL toolkit.
$ apt-get update $ apt-get upgrade $ apt-get install openssl $ mkdir /etc/ssl/localcerts
$ yum install openssl $ mkdir /etc/ssl/localcerts
Creating a Self-Signed Certificate
As an example, we'll create a certificate that might be used to secure a personal website that's hosted with Apache. Issue the following commands:
$ openssl req -new -x509 -days 365 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key $ chmod 600 /etc/ssl/localcerts/apache*
You will be asked for several configuration values. Enter values appropriate for your organization and server, as shown here. This example will create a certificate valid for 365 days; you may wish to increase this value. We've specified the FQDN (fully qualified domain name) of the VPS for the "Common Name" entry, as this certificate will be used for generic SSL service. The -nodes flag instructs OpenSSL to create a certificate that does not require a passphrase. If this option is omitted, you will be required to enter a passphrase on the console to unlock the certificate each time the server application using it is restarted (most frequently, this will happen when you reboot your Debian Server).
Once the certificate is generated, you'll need to configure your server software properly to reference the certificate file.
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.