Nate's Programming Blog

Well it’s 2:30 am and I just painfully relearned how to create self-signed certificates using OpenSSL. Therefore, in order to prevent another long night of having to learn this again, I’m going to post the instructions I wrote.

To create the signed certificate request, execute this command:

openssl req –new –out server.csr –config openssl.conf
(The default uses openssl.cnf, but Windows sees .cnf files as SpeedDial files and hides the extension, therefore I had to rename it and specify the location in the command.)

To create a server keystore file, execute this command:

openssl rsa –in privkey.pem –out server.key

To sign the certificate request you created, execute this command:

openssl x509 –in server.csr –out server.crt –req –signkey server.key –days 365

Good luck to anyone else who wishes to take on this endeavor. It is definately not an easy road. What is sad is that the only reason that I did all of this is to encrypt the login page for wordpress, since I’m sure there is an army of snoopers out there wanting my login credentials for my local wordpress installation 🙂 Well anyway, it was good experience. BTW, I also learned another fun fact. It is impossible to assigned multiple certificates to different virtual hosts. You have to have a different IP address for each certificate chain. Here is the discussion that filled me in. It seems to be a protocol limitation.

Name (required)

Email (required)


XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Feel free to leave a comment