How to self-sign an SSL certificate for a specific domain?

ssl ubuntu openssl

I've followed these steps to create and sign my own SSL certificate:

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

In Firefox, I get these warning messages:

  • The certificate is not trusted because it is self-signed.
  • The certificate is not valid for any server names.

Of course I get the former warning, but what about the latter? On generating the CSR, I'm asked a lot of questions for which I give blank answers. None of them seem to mention the domain names, though.

Country Name (2 letter code) [AU]:se
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:.
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

What am I doing wrong?


The Common Name field is where you should put the domain name for the certificate. If it's blank, then the certificate is not valid for any domain.

Related

SSH Key authentication
Can you restore a MySQL dump file from an S3 bucket to an RDS instance?
How to reduce the memory used by Tomcat?
how often should I install updates on Windows 2008 R2 server?
How to stop users from running CPU heavy programs on a server?
Is OpenLDAP a viable alternative to Windows LDAP?
How to log every login (SSH) on FreeBSD
Mass delete mapped & local printers
What Group Policy settings MUST be set within the Default Domain Policy?
Why VPN when I can just use SSH keys?
how to check connectivity to server by windows tools?
Why does chef list my node name as "localhost"?