Creating Your Own SSL Certificates
This article explains how to use OpenSSL to create your own self-authenticated SSL certificates in three easy steps.
Steps for creating a self-signed SSL certificate using OpenSSL:
- Create a key file:
slesbox1:~ # openssl genrsa -out server.key -rand file1:file2:...fileN 2048
(Where file1, file2, ...fileN are files with random data in them. Any file(s) will do, including log files, binary files, etc. There must be at least one, and you can use as many as desired. 2048 is the key size in bits; 1024-bit RSA keys are no longer considered strong enough.)
- Create a certificate:
slesbox1:~ # openssl req -x509 -new -key server.key -out server.crt
(server.key is the key file created in step 1. When this command is executed, it will prompt you for data such as the country code, state and city, O and OU, common name, and e-mail address.)
Note that if you plan to use this certificate with a web site, you should have the "Common Name" part of the certificate EXACTLY MATCH the host name of your web server (i.e. what users type into their browsers to reach your site, but without the http:// in the front, and without a "/" or anything else after it).
That's it... you now have a key file and cert, self-signed.
If you want to encrypt the key file, use the following optional command (remember the passphrase... any app that uses the cert/key combo will need the passphrase):
- Encrypt the key file:
slesbox1:~ # openssl rsa -des3 -in server.key -out server.key.crypt
slesbox1:~ # mv server.key.crypt server.key
Voila! You are set.
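The key and certificate steps above can also be run without prompts and then checked: that server.crt was issued for server.key, and that its Common Name is the intended host name. This is an added example, not part of the original article; the host name www.example.test, the 365-day validity and the subjectAltName entry (which current browsers check in place of the Common Name) are assumptions, and the key is left unencrypted.

```shell
#!/bin/sh
# Added example, not from the original article. Host name, validity period
# and output directory are assumptions chosen for illustration.

# Steps 1 and 2 without prompts: RSA key, then a self-signed certificate
# whose Common Name (and subjectAltName) is the web server's host name.
make_selfsigned() {            # $1 = host name, $2 = output directory
    host=$1; dir=$2
    # umask keeps the unencrypted private key readable by its owner only.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) || return 1
    # -addext needs OpenSSL 1.1.1 or later.
    openssl req -x509 -new -key "$dir/server.key" -out "$dir/server.crt" \
        -days 365 -subj "/CN=$host" -addext "subjectAltName=DNS:$host" 2>/dev/null
}

# True when the certificate was issued for this private key (same RSA modulus).
key_matches_cert() {           # $1 = key file, $2 = certificate file
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the certificate's Common Name so it can be compared with the host name.
cert_cn() {                    # $1 = certificate file
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Demo in a scratch directory with a constructed host name.
demo_dir=$(mktemp -d)
if make_selfsigned www.example.test "$demo_dir" &&
   key_matches_cert "$demo_dir/server.key" "$demo_dir/server.crt"; then
    echo "key and certificate match, CN=$(cert_cn "$demo_dir/server.crt")"
fi
rm -rf "$demo_dir"
```

Run key_matches_cert before installing a certificate; a mismatched pair is a common reason a server refuses to start TLS.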