Getting ready

To install an SSL, there are three components we need to start with. The first is Certificate Signing Request (CSR). This defines the information which will be contained within the certificate and includes things such as the organization name and domain name. The CSR is then sent to a CA or used to generate a self-signed certificate.

To make it easy for this recipe, we'll use a self-signed certificate. We can easily generate the CSR and then the private key and public certificate with one command. For example, here's how to generate a CSR with a 2048 bit key and 600 day expiry:

openssl req -x509 -new -newkey rsa:2048 -nodes -keyout private.key -out public.pem -days 600  

This example will ask a series of questions for the CSR and then automatically generate the private key (private.key) and the public certificate (public.pem). Consider the following example: