This script is from 2012 - now I'm using ➚ for my SSL-Certificats.

This is a small and easy script I wrote te create self-signed SSL-Certificates for my own Webapplications (e.g. Webmail). The certificates created with this Script are only for test purposes, and will create untrusted warning messages in browsers.



echo "Generate Key:"
/usr/bin/openssl genrsa -des3 -out server.key 1024

echo "Generate CSR (YOUR Name or Common Name is 'Fully Qualified Domain Name'):"
/usr/bin/openssl req -new -key server.key -out server.csr

echo "Remove Password from Key:"
cp server.key
/usr/bin/openssl rsa -in -out server.key

echo "Generate Certificate:"
/usr/bin/openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

read -e -p "Enter Filename for *.crt and *.key files: " FILENAME

# Move Files to /etc/apache2/ssl/ folder.
# Have to be created by user if this folder doesn't exist.
mv server.crt /etc/apache2/ssl/$FILENAME.crt
mv server.key /etc/apache2/ssl/$FILENAME.key

# Clean up
rm -rf server.crt
rm -rf server.csr
rm -rf server.key

echo "Moved $FILENAME.crt and $FILENAME.key to /etc/apache2/ssl"
echo "DONE"
exit 1

Apache Configuration

ports.conf (/etc/apache2/ports.conf):
<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    NameVirtualHost *:443
    Listen 443
000-default-ssl (/etc/apache2/sites-enabled/000-default-ssl):
<VirtualHost *:443>
	ServerAdmin webmaster@localhost
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/mail.crt
	SSLCertificateKeyFile /etc/apache2/ssl/mail.key
	SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown

	CustomLog /var/log/apache2/ssl_request_log "%t %h %{SSL_PROTOKOLL}x %{SSL_CIPHER}x \"%r\" %b"
	DocumentRoot /var/www/
	<Directory />
		Options FollowSymLinks
		AllowOverride None


Nr.FileLast ModificationFilesize
1. generate-ssl-certificate February 14 2012 09:32:23. 892 B [892]