Self signed using OpenSSL
How to generate a self signed SSL certificate using OpenSSL.
Below is a slight modification of the one described here. Rather than removing the encryption from the key we don’t add it in the first place and we use a larger key.
openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12
Compared to other tutorials the first command is missing a -des3 flag which makes the key unencrypted in the first place.
For a website the common name must be the domain name.