townx

(This is extracted from my Apache course materials, but it's a useful howto in its own right.)

To generate a self-signed SSL certificate, you will need openssl installed first.

Then follow these steps:

1. Generate the server's private key; we'll use a 1024-bit key using the RSA algorithm:
   openssl genrsa -out server.key 1024
2. Generate a certificate-signing request:
   openssl req -new -key server.key -out server.csr
3. Fill in the required information at the prompts:
   

      Country Name (2 letter code) [GB]:GB
      State or Province Name (full name) []:.
      Locality Name (eg, city) [Newbury]:Birmingham
      Organization Name (eg, company) [My Company Ltd]:Talis
      Organizational Unit Name (eg, section) []:Library Products
      Common Name (eg, your name or your server's hostname) []:prism.talis.com
      Email Address []:.
   
      Please enter the following 'extra' attributes to be sent with your certificate request
   
      A challenge password []:.
      An optional company name []:.
   

   The really important one is the Common Name: this must match the domain name which will serve the SSL site; otherwise connecting clients will get a prompt about a mismatch between the certificate's host name and the actual host name of the server.
   
   Note that we left the password blank. If we don't do this, Apache will prompt you for the certificate password each time you start the server, which is a pain in the arse.
4. Create a self-signed certificate from the certificate-signing request (.csr file):
   openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
5. rm server.csr (you don't need it any more)
6. Put the .crt and .key files into Apache's SSL directory and configure Apache to use them

If I get round to it I'll do another entry explaining how to make Apache use them.