How to Create My Own SSL
- 1). Log in to the web server as you normally would to work on its development. Usually this is accomplished using a telnet or SSH program. Many such programs are available for free.
- 2). Generate the initial private security key that will pair with the public encryption certificate. This is accomplished via the "openssl" command. The parameters of the command specify the key size and the cipher used to password-protect the key, as well as the name of the private key file. For a 1024-bit key protected with the "des3" cipher, type "openssl genrsa -des3 -out server.key 1024" at the command prompt. Note that the quotes are not part of the actual command.
- 3). Generate the certificate signing request, which carries the public key that will be presented to web browsers whenever they connect to your site. This public key is derived from the previously generated private key, so the two form a matched pair. The "openssl" command is used for this process as well. The syntax refers to the private key and uses the "-out" option to name the request file. Type "openssl req -new -key server.key -out server.csr".
- 4). Remove the password that protects the private key. This is necessary so that the certificate always works without additional intervention, even if the server is rebooted. To proceed, first create an identical copy of the key; the copy will be read and the result written back under the original file name. Type "cp server.key server.key.org" to create this copy.
- 5). Type "openssl rsa -in server.key.org -out server.key" to remove the password in the cloned file and return it to the original file name. The public and private keys are now active, but the actual SSL certificate hasn't been generated for browsers to recognize and activate the encryption.
- 6). Create the SSL certificate using the "openssl" command in conjunction with a file ending with the ".crt" extension, which specifies a certificate file. You must specify the duration of the certificate's life, usually 365 days. Type "openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt" to generate the certificate. All the necessary files for the SSL encryption have now been created. Next, they will be installed into the web server.
- 7). Locate your "apache" directory. This directory contains all the necessary files that affect how browsers interact with your website. The exact location of this directory will vary depending on your server setup. It will usually be located in the root of your user account on the system, such as "/usr/local/apache".
- 8). Copy the SSL files into this directory using the following two copy commands. Type "cp server.crt /usr/local/apache/conf/ssl.crt" for the first copy. Type "cp server.key /usr/local/apache/conf/ssl.key" for the second copy. In both examples, use the location of your "apache" directory in place of the "/usr/local/apache/" noted here. Your own SSL has now been created.
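
Steps 2 through 6 as one non-interactive script, followed by a check to run before copying the files in step 8: the key is no longer passphrase-protected and is readable only by its owner, and the certificate carries the same public key, is self-signed and has not expired. This is an added example, not part of the original article. The function names make_selfsigned and check_pair, the passphrase, the subject www.example.test and the 2048-bit key size (1024-bit RSA is below current minimum key-size guidance) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: 2048-bit key,
# constructed passphrase and subject, scratch directory instead of the server.

make_selfsigned() {  # $1 = working directory; runs steps 2-6 without prompts
    ( cd "$1" || exit 1
      umask 077      # every file created here is readable by its owner only
      openssl genrsa -des3 -passout pass:constructed-demo -out server.key 2048 2>/dev/null &&
      openssl req -new -key server.key -passin pass:constructed-demo \
          -subj "/CN=www.example.test" -out server.csr &&
      cp server.key server.key.org &&
      openssl rsa -in server.key.org -passin pass:constructed-demo \
          -out server.key 2>/dev/null &&
      openssl x509 -req -days 365 -in server.csr -signkey server.key \
          -out server.crt 2>/dev/null )
}

check_pair() {  # $1 = private key, $2 = certificate; prints "ok" or the first problem
    if grep -q ENCRYPTED "$1"; then
        echo "key still passphrase-protected"; return 1
    fi
    # Characters 5-10 of the mode string are the group and other permission bits.
    case "$(ls -l "$1" | cut -c5-10)" in
        ------) ;;
        *) echo "key readable by group or other"; return 1 ;;
    esac
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || { echo "key unreadable"; return 1; }
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || { echo "certificate unreadable"; return 1; }
    [ "$kpub" = "$cpub" ] || { echo "certificate does not match key"; return 1; }
    # Self-signed: issuer name equals subject name.
    [ "$(openssl x509 -in "$2" -noout -subject_hash)" = \
      "$(openssl x509 -in "$2" -noout -issuer_hash)" ] || { echo "not self-signed"; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null || { echo "certificate expired"; return 1; }
    echo ok
}

# Demo run in a throwaway directory.
demo=$(mktemp -d) && make_selfsigned "$demo" &&
    check_pair "$demo/server.key" "$demo/server.crt"
rm -rf "$demo"
```

On a real server, replace the constructed passphrase with an interactive prompt (drop the -passout and -passin options) so it does not appear in the process list or shell history.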