ssl

Updated: 11 February 2026

Create self-signed certs

Accept default answers to questions except Common Name, which should be your domain name.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout foo.key -out foo.crt

Use the files generated in an Apache virtual host

<VirtualHost *:443>
    ...
    SSLCertificateFile /etc/ssl/certs/foo.crt
    SSLCertificateKeyFile /etc/ssl/private/foo.key
</VirtualHost>

See Digital Ocean, how to create self-signed certs
See Self-signed wildcard cert check project on GitHub

Diagnose problems with certificates

• Qualys SSL Labs
• SSL Shopper
• Mozilla Observatory

Mozilla SSL configuration generator

https://ssl-config.mozilla.org/