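# Create a key and CSR for example.com, install the signed certificate and
# enable it in Apache's default-ssl vhost (Debian/Ubuntu paths). Run as root.
#
# NOTE(review): the CA used in this walkthrough (StartSSL/StartCom) was
# distrusted by the major browsers and has stopped issuing certificates. The
# steps carry over to any current CA; only the chain file name and URL differ.

# --- Key and CSR -------------------------------------------------------------
# Generate the private key under a restrictive umask so it is never readable
# by other local users, not even before it is moved to /etc/ssl/private.
( umask 077 && openssl genrsa -out example.com.key 2048 )

# The CN below is an IP address. Current browsers match on subjectAltName and
# ignore CN, so the issued certificate needs a matching SAN entry to validate.
openssl req -new -key example.com.key -out example.com.csr \
  -subj "/C=DE/ST=NRW/L=Cologne/O=My Inc/OU=IT/CN=192.168.1.1/emailAddress=webmaster@example.com"

# Once the CA has returned example.com.crt, move both files into place.
mv example.com.crt /etc/ssl/certs/
mv example.com.key /etc/ssl/private/
# Enforce owner-only access on the key regardless of how it was created.
chmod 600 /etc/ssl/private/example.com.key

# --- StartSSL flow -----------------------------------------------------------
# https://www.startssl.com/
#   Express Lane
#   Register...
#   Create certificate...
openssl req -new -key /etc/ssl/private/example.com.key -out /root/example.com.csr
# Print the CSR (public data only; the private key never leaves the host).
cat /root/example.com.csr
# Save as: example.com.crt

# Intermediate CA certificate. The download is plain HTTP, so check its
# fingerprint against the value the CA publishes before referencing it.
wget http://www.startssl.com/certs/sub.class1.server.ca.pem -O /etc/ssl/certs/sub.class1.server.ca.pem
openssl x509 -noout -fingerprint -sha256 -in /etc/ssl/certs/sub.class1.server.ca.pem

# --- Apache ------------------------------------------------------------------
# Keep a backup of the vhost file before editing it.
cp /etc/apache2/sites-available/default-ssl /root/
vi /etc/apache2/sites-available/default-ssl
# OPTIONAL: configure virtualhost
# SSLCertificateFile /etc/ssl/certs/example.com.crt
# SSLCertificateKeyFile /etc/ssl/private/example.com.key
# SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem

# Replace the self-signed "snakeoil" defaults with the new certificate, key
# and chain file.
sed -i 's|/etc/ssl/certs/ssl-cert-snakeoil.pem|/etc/ssl/certs/example.com.crt|g' /etc/apache2/sites-available/default-ssl
sed -i 's|/etc/ssl/private/ssl-cert-snakeoil.key|/etc/ssl/private/example.com.key|g' /etc/apache2/sites-available/default-ssl
sed -i 's|#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt|SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem|g' /etc/apache2/sites-available/default-ssl

a2enmod ssl
a2ensite default-ssl
# Restart only if the edited configuration parses; a bad path or directive
# would otherwise take the running server down.
apache2ctl configtest && /etc/init.d/apache2 restart

# Save your browser certificate
# https://www.startssl.com/?app=25#4

# view certificate details
openssl x509 -noout -text -in /etc/ssl/certs/example.com.crt

# Link
# http://www.heise.de/security/artikel/SSL-fuer-lau-880221.html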