Generating a self-signed certificate
This is a procedure for generating a valid self-signed certificate. It does *not* use a personal CA like I originally did when generating the SSL certificates as described on RealSSL.
~/tmp/certs> openssl genrsa -des3 -out dlterm_si.key 1024 Generating RSA private key, 1024 bit long modulus ..................................++++++ ...............++++++ e is 65537 (0x10001) Enter pass phrase for dlterm_si.key: Verifying - Enter pass phrase for dlterm_si.key: ~/tmp/certs> openssl req -new -key dlterm_si.key -out dlterm_si.csr Enter pass phrase for dlterm_si.key: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:Minnesota Locality Name (eg, city) []:Eagan Organization Name (eg, company) [Internet Widgits Pty Ltd]:Cedar Solutions Inc Organizational Unit Name (eg, section) []:Cedar Solutions Inc Common Name (eg, YOUR name) []: My Application Email Address []: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: ~/tmp/certs> openssl x509 -req -days 3650 -in dlterm_si.csr -signkey dlterm_si.key -out dlterm_si.crt Signature ok subject=/C=US/ST=Minnesota/L=Eagan/O=Cedar Solutions/OU=Group/CN=Application Getting Private key Enter pass phrase for dlterm_si.key: ~/tmp/certs> openssl pkcs12 -export -in dlterm_si.crt -inkey dlterm_si.key -out dlterm_si.p12 Enter pass phrase for dlterm_si.key: Enter Export Password: Verifying - Enter Export Password: ~/tmp/certs> ls dlterm_si.crt dlterm_si.csr dlterm_si.key dlterm_si.p12