The Problem

You want to test out your SSL app, but you don’t have a cert. Just make one. This post was pretty much ripped from Heroku.

The Solution

If you are using a Windows box, I suggest you google.

For all others, open your favorite terminal program and type:

$ which openssl || echo "I have's none!"
# should return /path/to/openssl

If you haves none, install openssl, like so:


$ [sudo] apt-get install openssl

Mac OS X, use brew:

$ brew install openssl

Get that key and signing request

Copy-pasta the following commands. Filled out the data as you wish. When you are asked for a “challenge password []”, hit return, leaving the password empty.

NOTE: I used backslashes to blog readability, only.

$ openssl genrsa -des3 -passout pass:x \ 
  -out server.pass.key 2048
$ openssl rsa -passin pass:x -in server.pass.key -out \ 
$ rm server.pass.key
$ openssl req -new -key server.key -out server.csr

Get that cert

Generate the seif-signed certificate using the certificate signing request server.csr and the private key server.key

$ openssl x509 -req \
  -days 365 \ 
  -in server.csr \
  -signkey server.key \ 
  -out server.crt

Pem Pem Pem goes the trolley

For some uses, like, say, Using ELB as an SSL termination proxy, you will need to create a PEM file.

This is is straight forward for our needs, just cat them thangs:

cat server.key server.crt > server.pem

blog comments powered by Disqus


26 March 2014