If someone is in need of creating SSL certificates for his server (eg. at home), he might find the following script very helpful.
#!/bin/bash SERVER=your.server.com PRIVATE_KEY=$SERVER.private.key CERTIFICATE_FILE=$SERVER.crt VALID_DAYS=365 echo Delete old private key rm $PRIVATE_KEY echo Create new private/public-keys without passphrase for server openssl genrsa -out $PRIVATE_KEY 1024 echo Create selfsigned certificate rm $CERTIFICATE_FILE # From man req: # -x509 # this option outputs a self signed certificate instead # of a certificate request. This is typically used to # generate a test certificate or a self signed root CA. # The extensions added to the certificate (if any) are # specified in the configuration file. openssl req -new -days $VALID_DAYS -key $PRIVATE_KEY -x509 -out $CERTIFICATE_FILE echo private-keyfile is $PRIVATE_KEY echo server-certificate-file is $CERTIFICATE_FILE ls -l $PRIVATE_KEY $CERTIFICATE_FILE
Update: There is a short way in generating a new SSL certificate for your home box:
sudo make-ssl-cert generate-default-snakeoil --force-overwrite
This works on my Ubuntu box.