self assigned SSL

Configuring SSL Cert
Generating a Certificate Signing Request (CSR)

Apache 2 comes with OpenSSL pre-installed an activated for your to generate your domain key and CSR. To do so, run the following line, replacing yourdomain with the domain name that you are securing. For example, if your domain name is, you would type coolexample.key and coolexample.csr.

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Follow the instructions provided and enter the necessary details. Once the CSR and Key has been generated, copy the CSR for submission to your SSL Cert provider for issuance of certs. Note that if you are using a wildcard subdomain SSL, your common name should include a * on the left of the domain. E.g. *

For more details on how to get an SSL cert, go to: apache-2-x

Re-Keying a SSL Certificate

Sometimes you may need to just issue a private key. You can do that without generating a CSR by using the following line:

openssl genrsa -out yourdomain.key 2048

However, should you want to issue a new matching certificate for the new private key, you will need to generate the CSR and submit to your SSL issuing authority for re-keying.

For more details on re-keying with GoDaddy, go to:

Generating a Self-Signed Certificate

While waiting for your SSL issuer, you can create a temporary self-signed certificate by running the following command:

openssl x509 -in yourdomain.csr -out yourdomain.crt -req -signkey yourdomain.key -days 365

The x509 parameter is to let OpenSSL know that this is to be a self-signed cert, and the days parameter is to set the expiry date of the self-signed cert.

For more details on how to create an SSL cert and troubleshoot SSL related issues, go to:

Extracted from LAMP VM Recipe v1.0 Paywhere