Here’s the command list to quickly create a self-signed SSL certificate from the Linux command line. You can copy/paste each line to the shell to generate the key.
It assumes you will place each set of SSL files under a directory assigned per domain; at the end you will have a directory that contains the newly created .host, .key, .pem and .info files.
mkdir /etc/ssl/subdomain.domain.com cd /etc/ssl/subdomain.domain.com openssl genrsa 2048 > host.key openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key > host.cert # Enter subdomain.domain.com for Common Name. It's the 6th option in the dialog. # All other options can be left blank for defaults # For wildcard SSL, enter *.domain.com openssl x509 -noout -fingerprint -text < host.cert > host.info cat host.cert host.key > host.pem chmod 400 host.key host.pem
A signed SSL certificate is necessary for all your public-facing domains. But you can save yourself a lot of time and money by using self-signed certificates on sites that have a limited or more technical audience. For example, I use self-signed certificates for all the installations of phpMyAdmin that I set up.
The protection you get from a self-signed certificate is exactly the same as one you pay for; the browser warning that pops up is the only difference. Click through it and you’re good to go.