Linux.com

It can be fairly simple. If this is for something simple that you just need an cert for I would go about it this way (There are other ways, that require a CSR, but this is quick and painless). First you have to generate an RSA key (Your private key) [quote]openssl genrsa -des3 -out privkey.pem 2048[/quote] That command will create a new private key: privkey.pem for signing your certificates. If you don't want / need to have your private key password protected, you can remove the '-des3' from that command. Now to create a self signed cerificate: [quote]openssl req -new -x509 -key privkey.pem -out cacert.pem -days 3650[/quote] This will prompt you for a bunch of information like your country / city / Organization. You can fill that out with whatever you want. When you get to 'Common Name' you should enter the FQDN or the IP for the server the key is for. If you didn't remove the '-des3' from the first command it will ask you for the password for the private key as well. The -days option should speak for itself. :) From here installing the cert depends on what application you're using it with. Usually you just copy the key and the cert to whatever directory you application wants and editing config files. [Modified by: Khabi on August 22, 2008 10:22 PM]