openssl genrsa 1024 > host.key
openssl req -new -key host.key -out host.csr
openssl x509 -req -days 730 -in host.csr -signkey host.key -out host.crt
Of course that's what everybody has, so why write about this? Three reasons:
- Make sure you
chmod 400 host.key
since you don't want anybody to see that. - Using lighttpd? Do a
cat host.key host.crt > host.pem
andchmod 400
that as well. - The "Common Name" you have to enter in step 2. If you have various subdomains like www.example.com and mail.example.com and so on, you don't want to enter "example.com" here. Instead you'd enter something globtastic like "*.example.com". But wait, that doesn't match just plain example.com anymore! Better use "*example.com" and wow, that actually works.
An Internet. Wow! It's so pretty... Who would've thunk? :-D