Add to Favourites Add to Favourites    Print this Article Print this Article

How to manually create a new self-signed shared server certificate

The following command will create you a new self-signed shared server certificate

/usr/bin/openssl req -sha256 -x509 -newkey rsa:4096 -keyout /etc/httpd/conf/ssl.key/server.key -out /etc/httpd/conf/ssl.crt/server.crt -days 9000 -nodes

answer the questions as desired.

Note, you can also accomplish the same thing through DirectAdmin.
To do this, login as "admin".
Click "User Level".
Use a domain created under "admin", if you don't have one, create a fake domain, it doesn't matter.
Go to "SSL Certificates".
Assuming "admin" is still set to use the server IP, and self-signed certificate created there will write to the same server.crt and server.key files as above.

Also, if you create a certificate request in this same manor (through DA), be advised that it will generate the key and the csr (cert request) as the result.  The key is *not* saved during this process (only for "admin" on the server IP).  So make sure you copy the key and csr and save it somewhere safe.
The original cert/key in the textarea are not touched when creating a csr.

Was this answer helpful?

Also Read