I’m not sure if I have written this before, but here is how we create a self-signed certificate (without the passphrase) to be used by web servers like Apache or nginx.
Gist – creating self-signed certificate.
openssl genrsa -out server.key 4096 openssl rsa -in server.key -out server.key openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=example.com' openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt # Create pem cat server.crt server.key > cert.pem
This one works for sub-domains too. PEM creation is added just in case it’s needed.