Generate a self-signed SSL Certificate with OpenSSL

Occasionally it may be necessary to generate a self-signed SSL certificate. This could be for internal websites, or for other internal uses that may require secure encrypted network transmissions.

Generating a self-signed certificate may be an easy task for the intermediate or senior level admin, however we decided to post this guide for everyone to use, since using the guide as a reference may hopefully be useful to those of you out there 😉

1. Generate an SSL key without a passphrase, enter:

openssl genrsa -out /etc/httpd/ssl/mycorp.com.key 1024

2: Create a self-signed certificate, enter:

openssl req -new -key /etc/httpd/ssl/mycorp.com.key -x509 -out /etc/httpd/ssl/mycorpcom.crt -days 999

Sample output:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:CA
Locality Name (eg, city) []:CA
Organization Name (eg, company) [Internet Widgits Pty Ltd]:mycorp, LLC
Organizational Unit Name (eg, section) []:Sales
Common Name (eg, YOUR name) []:  
Email Address []:you@mycorp.com

My Sample Apache httpd.conf virtual host file:

DocumentRoot "/var/www/html/ssl_doc_root/"
ServerAdmin you@mycorp.com
ServerName www.mycorp.com
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:
+EXP:+eNULL
SSLCertificateFile /etc/httpd/ssl/mycorpcom.crt
SSLCertificateKeyFile /etc/httpd/ssl/mycorp.com.key
SetEnvIf User-Agent ".*MSIE.*" 
nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0

3. Restart httpd/Apche:

service httpd restart

Thats it! Test the SSL Cert to ensure it loads fine and reflects the proper values when you examine the properties.