This is taken straight from http://devsec.org/info/ssl-cert.html. I'm putting it on my blog as a reference for myself, so I can make a key pair quickly in the future.
Make a new SSL private key:
* Generate a new unencrypted RSA private key in PEM format:
openssl genrsa -out privkey.pem 2048
You can create an encrypted key by adding the -des3 option.
To make a self-signed certificate:
* Create a certificate signing request (CSR) using your RSA private key:
openssl req -new -key privkey.pem -out certreq.csr
(This is also the type of CSR you would create to send to a root CA for them to sign for you.)
* Self-sign your CSR with your own private key:
openssl x509 -req -in certreq.csr -signkey privkey.pem -out newcert.pem
My friend says to use 2048 for production-facing stuff instead of 1024.
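The three commands above, run non-interactively and followed by the checks worth doing on the result: the certificate carries the public key of privkey.pem, issuer equals subject, and the key is 2048 bits. This is an added example, not from the original page or devsec.org; the function names, the `-subj` value `example.test` and the scratch directory are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example: key -> CSR -> self-signed cert, then verify the output.
set -eu

# $1 = output directory, $2 = subject CN (constructed sample value)
make_selfsigned() (
    umask 077    # keep the unencrypted private key owner-readable only
    openssl genrsa -out "$1/privkey.pem" 2048 2>/dev/null
    # -subj supplies the subject so openssl does not prompt for it
    openssl req -new -key "$1/privkey.pem" -subj "/CN=$2" -out "$1/certreq.csr"
    openssl x509 -req -in "$1/certreq.csr" -signkey "$1/privkey.pem" \
        -out "$1/newcert.pem" 2>/dev/null
)

# True when the certificate's public key is the one derived from privkey.pem
key_matches_cert() {
    k=$(openssl pkey -in "$1/privkey.pem" -pubout | openssl sha256)
    c=$(openssl x509 -in "$1/newcert.pem" -noout -pubkey | openssl sha256)
    [ "$k" = "$c" ]
}

# True when issuer and subject are identical, as expected for a self-signed cert
is_self_signed() {
    s=$(openssl x509 -in "$1/newcert.pem" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1/newcert.pem" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ]
}

# Prints the public key size in bits as recorded in the certificate
key_bits() {
    openssl x509 -in "$1/newcert.pem" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Demo run in a scratch directory (constructed input, nothing is installed)
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" example.test
key_matches_cert "$demo_dir" && is_self_signed "$demo_dir" &&
    echo "ok: $(key_bits "$demo_dir")-bit self-signed certificate in $demo_dir"
```

The same public-key comparison works for a certificate that a CA returns for your CSR; only the issuer check will differ.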