$ mkdir ~/gencerts $ cd ~/gencerts $ openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 $ openssl rsa -passin pass:x -in server.pass.key -out server.key $ openssl req -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:US State or Province Name (full name) []:Massachusetts Locality Name (eg, city) [Default City]:Boston Organization Name (eg, company) [Default Company Ltd]:MyOrg Organizational Unit Name (eg, section) []:MyUnit Common Name (eg, your name or your server's hostname) []: my.server.com Email Address []:foobar@my.server.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: $ openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt $ mkdir ../ssl $ cp server.key ../ssl/dev.key $ cp server.crt ../ssl/dev.crt