Help-Site Computer Manuals
  Algorithms & Data Structures   Programming Languages   Revision Control
  Cameras   Computers   Displays   Keyboards & Mice   Motherboards   Networking   Printers & Scanners   Storage
  Windows   Linux & Unix   Mac
Create and self-sign a set of SSL server cert files - Create and self-sign a set of SSL server cert files

NAME - Create and self-sign a set of SSL server cert files



 Enter PEM pass phrase:                <----- note 'PEM pass phrase'

 Verifying - Enter PEM pass phrase:


 You are about to be asked to enter information that 

 will be incorporated into your certificate request. 

 What you are about to enter is what is called a 

 Distinguished Name or a DN.  There are quite a few 

 fields but you can leave some blank For some fields 

 there will be a default value, If you enter '.', the 

 field will be left blank.


 Country Name (2 letter code) [AU]:

 State or Province Name (full name) [Some-State]:

 Locality Name (eg, city) []:

 Organization Name (eg, company) [Internet Widgits Pty Ltd]:

 Organizational Unit Name (eg, section) []:

 Common Name (eg, YOUR name) []:       <----- your COMPUTER'S name

 Email Address []:

 Please enter the following 'extra' attributes

 to be sent with your certificate request

 A challenge password []:

 An optional company name []:


 Enter pass phrase for <KeyFile>:      <----- use 'PEM pass phrase'


This script runs the OpenSSL tool to generate certificates, which prompts for information necessary to create a set of certificate files, as shown in the Synopsis section, above.

The interesting prompts that you need to know about (at least to get started) are the following.

 Common Name (eg, YOUR name) []:

 An optional company name []:

For Common Name, enter the name of the computer for which this certificate set will be generated. Enter it exactly how users will enter it in their browser. Users will be prompted by their browser to view the certificate if it differs from the name their browser expects.

For An optional company name enter the name that yo uwant to show up as having signed your certificate. This may or may not be important, depending on who accesses your site.

Also remember the phrase you enter at the first prompt to Enter PEM pass phrase: as you will need to enter the same phrase at the last Enter pass phrase for ... prompt.



This script is intended for test use only. This script allows you to behave in ways that are known not to be secure.

On a production system you should always consider carefully before adding the 'pass phrase' into a certificate, and you should fully understand the ramifications of doing so.

On a production system you should never allow the private key to be available to anyone other than the designated security administrator.

Before using generating certificates for a production environment, read the documents at the above URLs.


Chris Cobb, <>


Copyright (c) 2003-2007 by Chris Cobb. All rights reserved. This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.