key – this is your key file and shouldn’t be shared with anyone publicly https://www.sslshopper.com/article-most-common-openssl-commands.html https://www.wpwhitesecurity.com/generate-self-signed-ssl-certificated-apache-https/ #Generate a new private key: openssl genrsa -out /opt/ssl/server.key 2048 #Create a certificate: (Certificate Signing Authority - Generate Certificate Request File) #IMPORTANT: Enter the server domain name when the above command asks for the “Common Name”. openssl req -new -key /opt/ssl/server.key -out /opt/ssl/cert.csr #Send cert.csr to the certificate authority. When the certificate authority completes their checks #(and probably received payment from you), they will hand over your new certificate to you. #Until the certificate is received, create a temporary self-signed certificate: openssl x509 -in /opt/ssl/cert.csr -out /opt/ssl/server.crt -req -signkey /opt/ssl/server.key -days 3650 #Back up your private key in a safe location after generating a password-protected version as follows openssl rsa -des3 -in /opt/ssl/server.key -out privkey.pem #Note that if you use this encrypted key in the Apache configuration file, #it will be necessary to enter the password manually every time Apache starts. #Regenerate the key without password protection from this file as follows: openssl rsa -in privkey.pem -out /opt/ssl/server.key