Generate ssl certificate in 1 quick step

I found most instructions on configuring SSL under web servers are a bit too complicated, especially on the part that generates the self-signed certificate. I’ve discovered a pretty simply way to do it [ reference ]

openssl req -new -x509 -days 3650 -keyout key.pem -out cert.pem -newkey rsa:2048 -subj "/CN=hostname.example.org"


Substitute hostname.example.org with the actual domain name, or even * if the certificate will be used in a virtual hosts setting.

Take apache for example, the resulting cert.pem and key.pem from the above commands can then be used in the ssl-enabled vhost configuration as below:

    ...
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
    ...

Starting the apache service will ask for pass phrase used to generate the above certificate. To remove the pass phrase, perform one more step:

openssl rsa -in key.pem -out key.pem