How to self-sign an SSL certificate for a specific domain?

I've followed these steps to create and sign my own SSL certificate:

openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

In Firefox, I get these warning messages:

  • The certificate is not trusted because it is self-signed.
  • The certificate is not valid for any server names.

Of course I get the former warning, but what about the latter? On generating the CSR, I'm asked a lot of questions for which I give blank answers. None of them seem to mention the domain names, though.

Country Name (2 letter code) [AU]:se
State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, YOUR name) []:.
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

What am I doing wrong?


The Common Name field is where you should put the domain name for the certificate. If it's blank, then the certificate is not valid for any domain.