Use certtool instead of openssl. It is less flexible but much more user friendly.1. Installation:Certtool is part of GnuTLS. On debian-based distributions you have to install the gnutls-bin package.2. Create a private key:# certtool -p –outfile server.key.pem3. Generate the self signed certificate:# certtool -s –load-privkey server.key.pem –outfile server.crt.pemYou will get a prompt to enter various informations required for a certificate. For a server certificate you only need to fill common name with the server name e.g. http://www.server.com and validity period.For some applications, like openvpn, you may need your own certificate authority CA. These are the steps required:- create a CA key- create a self signed certificate for the CA. Say yes to the questions: “Does the certificate belong to an authority?” and “Will the certificate be used to sign other certificates?”- create a key- create a certificate using the CA key, CA certificate and the above key. For openvpn the common name is the user name.# certtool -p –outfile ca.key.pem# certtool -s –load-privkey ca.key.pem –outfile ca.crt.pem# certtool -p –outfile user.key.pem# certtool -c –load-privkey user.key.pem –load-ca-privkey ca.key.pem –load-ca-certificate ca.crt.pem –outfile user.crt.pem
