Since this information doesn’t seem to be readily available many places, I’m putting it here. This is the fast track to getting an SSL certificate.

openssl genrsa -out private.key 4096 openssl req -new -key private.key -out server.csr

Fill out the requested information. Use your two letter country code. Use the full name of your state. Locality means city. Organization Name and Organizational Unit Name seem rather self explanatory (they can be the same). Common name is the fully qualified domain name of the server or virtual server you are creating a certificate for. The rest you can leave blank.

Note: You can take a shortcut and not have to fill out all the information by doing this instead:

openssl req -new -key private.key -out domain.com.csr -subj \
    "/C=US/ST=California/L=San Diego/O=Digital Elf/CN=example.com"

At this point if you want your cert signed by a real Certificate Authority. I suggest StartSSL because you can get certificates for free. Most others charge a fee. Some alternatives are RapidSSL, Thawte and GoDaddy. Give them your server.csr file. They’ll give you back a certificate.

If you want a self signed certificate instead, run this:

openssl x509 -req -sha1 -days 365 -in server.csr -signkey private.key -out public.crt

Viola, certificates.