SSL certificates in a jiffy

Quick guide to generating self-signed certificates for use with Apache et al.
Replace <servername> with the fully qualified name of the server you're generating the key for.

  1. Generate the key
    openssl genrsa -des3 -out <servername>.key
  2. Generate the certificate signing request
    openssl req -new -key <servername>.key -out <servername>.csr
    Put the server name when prompted for your name
  3. Remove the password from the key file
    cp <servername>.key <servername>.key.org
    openssl rsa -in <servername>.key.org -out <servername>.key
  4. Generate the certificate
    openssl x509 -req -days 365 -in <servername>.csr -signkey <servername>.key -out <servername>.crt