Creating a server certificate involves only a few steps. To do so, execute the following commands. This post assumes that “OpenSSL initial configuration” and “Creating a ca’s self signed certificate” have been completed previously.

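Create a private key for the server. This can be done as any user. The private key, server.key, must be well protected; the -des3 option encrypts it with a pass phrase that openssl prompts for. Note that the 1024-bit RSA key size used in the command is below the 2048-bit minimum that current browsers and public CAs accept, so use 2048 or more for a key that will be deployed.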

openssl genrsa -des3 -out server.key 1024

Create the certificate request. This can be done as any user. The common name (CN) should be the host name in the server's URL. Otherwise, users will get a warning message that the server URL does not match the name in the certificate.

openssl req -new -key server.key -out server.csr

Create and sign the certificate (replace NN with the next available certificate serial number!). You must be logged in as ca to perform this operation. serverNN.crt is the server certificate.

openssl x509 -req -days 365 -in server.csr -CA certs/cacert.pem \
      -CAkey private/cakey.pem -set_serial NN -out serverNN.crt
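
Before installing the certificate it is worth checking that it matches the private key, chains to the CA, and is accepted for the server's host name. The script below is an added example, not part of the original post: it builds a throwaway CA and server certificate with the same three commands and then runs those checks. The function names, file names, pass phrase, 2048-bit key size, serial 01 and host name www.example.test are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate issued with the steps above.
# File names, the pass phrase and www.example.test are constructed for the demo.

# Build a throwaway CA and server certificate in directory $1.
# Assumption: 2048-bit keys and serial 01 stand in for the post's values.
make_demo_pki() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -keyout cakey.pem \
          -subj "/CN=Demo CA" -days 2 -out cacert.pem &&
      openssl genrsa -des3 -passout pass:demo-pass -out server.key 2048 &&
      openssl req -new -key server.key -passin pass:demo-pass \
          -subj "/CN=www.example.test" -out server.csr &&
      openssl x509 -req -days 2 -in server.csr -CA cacert.pem \
          -CAkey cakey.pem -set_serial 01 -out server01.crt
    ) >/dev/null 2>&1
}

# True if key $1 (pass phrase $3) and certificate $2 hold the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin "pass:$3" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if certificate $2 chains to CA $1 and is valid for host name $3.
cert_valid_for_host() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Demo run: create the files, run both checks, then clean up.
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" &&
    key_matches_cert "$demo_dir/server.key" "$demo_dir/server01.crt" demo-pass &&
    cert_valid_for_host "$demo_dir/cacert.pem" "$demo_dir/server01.crt" \
        www.example.test &&
    echo "server01.crt: key matches, chains to CA, host name accepted"
rm -rf "$demo_dir"
```

OpenSSL falls back to the CN in this check because the certificate has no subjectAltName extension; current browsers check only subjectAltName, so a certificate meant for browser clients also needs that extension.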