My self signed certificate ran out yesterday so I needed to generate a new certificate.  I still have the key from my original certificate (obviously), but for some reason I couldn’t find the certificate request file from last time.  On top of that I couldn’t remember the exact commands to generate the new key.

With some help from Xeno Cafe web site these are the steps I took:

1. openssl req -new -key tuxx.tuxx.org.uk.key -out tuxx.tuxx.org.uk.csr
2. openssl x509 -req -days 730 -in tuxx.tuxx.org.uk.csr -signkey tuxx.tuxx.org.uk.key -set_serial 08 -out tuxx.tuxx.org.uk.crt

In step 1 I enter the details and the certificate request file is generated (this is the one you send off when you want a signed certificate).  In step 2 the actual certificate is created.  I opted to make it valid for 2 years hence the 730. Once that’s done it’s just a case of putting the key file and certificate file on top of the old files and restarting apache.

The first time I generated the cetificate Firefox gave serial key error on the certificate.  After a quick google I came up with suggestion to set the serial on the certificate.  I didn’t even know you could do that!

The second time I created the certificate also setting the serial and the restarted apache.  This time it worked.