Jud Dagnall Photography Blog

Photography, technology and occasional rants!

one-step self-signed SSL certificate

Posted on May 31st, 2005 in , by jud || No Comment

Create self-signed certificates is useful when managing apache and dovecot imap servers. I have always found it to be a pain to create the certificates. Here’s simple instructions for creating one.


In a nutshell,

openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout www.example.com.pem -out www.example.com.pem

You can then use the file above in apache with the following two lines

SSLEngine On
SSLCertificateFile www.example.com.pem

In my case, I created a separate cert and private key:

openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout private/www.example.com.pem -out cert/www.example.com.pem

and installed them so that dovecot (and thunderbird) would use them. I added the year in the cert UO field.

Leave a Reply

Your email address will not be published. Required fields are marked *