Channel: Web – ITechLounge.net

Linux : How to generate SSL certificate key pair


Here are the steps to generate a private key, a certificate signing request and a self-signed certificate, and how to get rid of the passphrase prompt when starting your application.

Okay, let’s start. Go to the directory where you want to store your certificate files. This example assumes your common name (i.e. the host name) is “secure.certificate.tld”.

First, create a private key :

openssl genrsa -des3 2048 > secure.certificate.tld.key

Second, create a certificate signing request (known as a CSR) :

openssl req -new -key secure.certificate.tld.key > secure.certificate.tld.csr

Almost done. You may now provide the CSR to your Certificate Authority (CA) to obtain your certificate. You may also generate a self-signed certificate if you do not need to purchase one. A self-signed certificate encrypts the connection just as a CA-issued one does, but because no trusted CA vouches for it, your visitors will see a warning that the certificate is not valid. That’s why it’s not appropriate for online sales.

openssl req -x509 -key secure.certificate.tld.key -in secure.certificate.tld.csr > secure.certificate.tld.crt

Now, you may notice that every time you start an application that uses your certificate, it asks for the passphrase before starting. You can get rid of the passphrase prompt with the following steps.

Back up the key file first :

cp -p secure.certificate.tld.key secure.certificate.tld.key.bak

Then, remove the passphrase :

openssl rsa -in secure.certificate.tld.key.bak -out secure.certificate.tld.key

For more security, make sure the key file is readable only by root (the file must be owned by root for this mode to have that effect) :

chmod 400 secure.certificate.tld.key
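
To confirm the result of the steps above, the following added example (not part of the original article) repeats them non-interactively in a temporary directory and checks that the key, CSR and certificate carry the same public key, that the working key no longer has a passphrase, and that its permissions are tight. The passphrase is a constructed sample value, the function names are hypothetical, and the standard OpenSSL options -passout, -passin and -subj stand in for the interactive prompts.

```sh
#!/bin/sh
# Added example: sanity checks for the files produced by the steps above.
CN=secure.certificate.tld      # host name used on this page
PASS=constructed-passphrase    # constructed sample value, not a real secret

# Reproduce the page's steps without prompts inside directory $1.
# umask 077 keeps every new file private from the moment it is created.
make_files() (
    cd "$1" && umask 077 &&
    openssl genrsa -des3 -passout "pass:$PASS" 2048 > "$CN.key" 2>/dev/null &&
    openssl req -new -key "$CN.key" -passin "pass:$PASS" -subj "/CN=$CN" > "$CN.csr" 2>/dev/null &&
    openssl req -x509 -key "$CN.key" -passin "pass:$PASS" -in "$CN.csr" > "$CN.crt" 2>/dev/null &&
    cp -p "$CN.key" "$CN.key.bak" &&
    openssl rsa -in "$CN.key.bak" -passin "pass:$PASS" -out "$CN.key" 2>/dev/null &&
    chmod 400 "$CN.key"
)

# True if the PEM key is passphrase-protected (both PEM key formats say ENCRYPTED).
key_is_encrypted() { grep -q ENCRYPTED "$1"; }

# True if group and others have no permission bits on the file.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# True if key ($1), CSR ($2) and certificate ($3) carry the same public key.
# "-passin pass:" makes openssl fail on an encrypted key instead of prompting.
files_match() {
    k=$(openssl rsa -in "$1" -passin pass: -pubout 2>/dev/null) && [ -n "$k" ] || return 1
    [ "$k" = "$(openssl req  -in "$2" -noout -pubkey 2>/dev/null)" ] &&
    [ "$k" = "$(openssl x509 -in "$3" -noout -pubkey 2>/dev/null)" ]
}

# Demo run on freshly generated files.
d=$(mktemp -d) && make_files "$d" &&
    files_match "$d/$CN.key" "$d/$CN.csr" "$d/$CN.crt" &&
    echo "key, CSR and certificate match"
key_is_encrypted "$d/$CN.key" && echo "warning: $CN.key still asks for a passphrase"
key_is_encrypted "$d/$CN.key.bak" && echo "note: $CN.key.bak is still passphrase-protected"
key_is_private "$d/$CN.key" || echo "warning: $CN.key is accessible to group or others"
rm -rf "$d"
```

Once the passphrase is removed, the file mode is the only thing protecting the private key, so run key_is_private against the deployed key and against any copies made of it.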

