Assuming you have openssl installed:
- Create the ssl key:
Shell12345user@v4:~#openssl genrsa -out ssl.key 2048Generating RSA private key, 2048 bit long modulus.....+++...............................................................+++e is 65537 (0x10001)
You'll be left with a "ssl.key" file in the current directory.
- Create the csr:
Shell1234567891011121314151617181920user@v4:~#openssl req -new -key ssl.key -out ssl.csrYou are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter '.', the field will be left blank.-----Country Name (2 letter code) [AU]:USState or Province Name (full name) [Some-State]:New JerseyLocality Name (eg, city) :WildwoodOrganization Name (eg, company) [Internet Widgits Pty Ltd]:MagicBrain ComputingOrganizational Unit Name (eg, section) :Common Name (eg, YOUR name) :*.magicbrain.netEmail Address :*******************Please enter the following 'extra' attributesto be sent with your certificate requestA challenge password :An optional company name :
Notice the input for Common Name. The Common Name is your server's hostname. If you are purchasing a wildcard certificate, the hostname will start with a "*", otherwise "www", or "smtp" or whatever you are using for the server hostname. Also, I leave the challenge password field empty (just press <enter>), otherwise services like Apache will pause when starting, asking for the password before continuing. Obviously this is bad on an unattended server.
The above method is the same for Apache, Nginx, Dovecot, really any service that uses these certificates. The setup of the service varies, of course. For Apache, you might have something like this in your apache2.conf file:
SSLProtocol -ALL +SSLv3 +TLSv1
The above is assuming a godaddy.com certificate (gd_bundle.crt is Godaddy's root bundle). I've been using namecheap.com lately, as their prices are less than their competitors by 50% or more.