OpenSSL is the open-source SSL library you use to do, well, everything on modern Unix systems. It has three million features—roughly one million of which are documented—making it difficult to figure out how to do anything useful.
I will reuse a few variables throughout:
Have a certificate on your filesystem somewhere and want to know what it contains?
openssl x509 -in $CERTFILE -noout -text
Already have a certificate (e.g. for a website) and want to renew it? This generates a renewal request from the old certificate, and avoids prompting you for all of the certificate information again. Minor downside: I can't figure out how to output to anything other than PEM format.
openssl x509 -x509toreq -in $CERTFILE -out $CSRFILE -signkey $KEYFILE
(I have written a script, self-signed-cert, which takes care of this whole process.)
There are really two steps involved in creating a self-signed certificate.
Create a private key.
openssl genrsa -out $KEYFILE $NUM_BITS
chmod 400 $KEYFILE
Create a public key (certificate), and sign it.
openssl req -new -x509 -nodes -sha256 -days $DAYS -key $KEYFILE -out $CERTFILE
(I have written a script, vhost-ssl-request, which takes care of this whole process.)
Again, there are two steps involved here.
Create the private key.
openssl genrsa -out $KEYFILE $NUM_BITS
chmod 400 $KEYFILE
Create a certificate signing request (CSR) corresponding to your key.
openssl req -new -key $KEYFILE -out $CSRFILE
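The two CSR steps above as one shell function, plus a check that the CSR really carries the key you just generated. This is an added example, not the vhost-ssl-request script mentioned above; the function names, the -subj value and the umask handling are assumptions of this example.

```shell
#!/bin/sh
# Added example. Function names and the subject string are constructed.

# make_csr KEYFILE CSRFILE NUM_BITS SUBJECT
make_csr() {
    keyfile=$1; csrfile=$2; num_bits=$3; subject=$4
    # Generate under umask 077 so the key is never readable by other users,
    # not even in the moment between genrsa finishing and chmod running.
    ( umask 077 && openssl genrsa -out "$keyfile" "$num_bits" 2>/dev/null ) || return 1
    chmod 400 "$keyfile" || return 1
    # -subj answers the subject prompts non-interactively.
    openssl req -new -key "$keyfile" -subj "$subject" -out "$csrfile" || return 1
}

# csr_matches_key KEYFILE CSRFILE
# Succeeds only if the CSR's self-signature verifies and the public key
# inside the CSR is the public half of KEYFILE.
csr_matches_key() {
    # Match on the message text: some openssl versions exit 0 even when
    # the self-signature check fails.
    openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    key_pub=$(openssl pkey -in "$1" -pubout) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Demo on constructed values, in a throwaway directory.
demo_dir=$(mktemp -d)
make_csr "$demo_dir/demo.key" "$demo_dir/demo.csr" 2048 "/CN=www.example.test" &&
    csr_matches_key "$demo_dir/demo.key" "$demo_dir/demo.csr" &&
    echo "CSR matches key"
rm -rf "$demo_dir"
```

Running csr_matches_key before sending the request catches the common mistake of pairing a CSR with the wrong key file.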