How to create a bunch of certs.

1) First, declare yourself a root cert authority:

Create a RSA private key for your CA (will be Triple-DES encrypted and PEM formatted): 

$ openssl genrsa -des3 -out ca.key 1024

Please backup this ca.key file and remember the pass-phrase you currently
entered at a secure location. You can see the details of this RSA private
key via the command 

$ openssl rsa -noout -text -in ca.key

And you can create a decrypted PEM version (not recommended) of this private key via: 

$ openssl rsa -in ca.key -out ca.key.unsecure

Create a self-signed CA Certificate (X509 structure) with the RSA key of the CA (output will be PEM formatted): 

$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt

You can see the details of this Certificate via the command: 

$ openssl x509 -noout -text -in ca.crt


2) Make a server key. We are going to us ethe same server key of all out certs
so we won't have one key file per domain.

openssl genrsa -des3 -out server.key 1024

3) If you want, make unsecure (ie, no pass phrase) versions of these files

$ openssl rsa -in server.key -out server.key.unsecure

You end up with this:

# d
total 13
drwxrwx---   3 root  ca     1024 Mar 25 20:10 ./
drwxr-xr-x  22 root  wheel   512 Feb 26 22:42 ../
drwxr-xr-x   2 root  ca      512 Mar 25 19:39 ca.db.certs/
-rw-r--r--   1 root  ca      518 Mar 25 19:39 ca.db.index
-rw-r--r--   1 root  ca        3 Mar 25 19:39 ca.db.serial
-rw-r--r--   1 root  ca      887 Mar 25 19:25 ca.key
-rw-r--r--   1 root  ca      963 Mar 25 19:25 ca.key.secure
-rw-r--r--   1 root  ca      887 Mar 25 19:24 ca.key.unsecure
-rw-r--r--   1 root  ca      891 Mar 25 20:08 server.key
-rw-r--r--   1 root  ca      963 Mar 25 20:07 server.key.secure
-rw-r--r--   1 root  ca      891 Mar 25 20:08 server.key.unsecure
-rwxr-xr-x   1 root  ca     1784 Mar 25 19:19 sign.sh*


4) Now go make CSR's for the domains you want certs for:


$ openssl req -new -key server.key -out server.csr

Where "server.csr" is replaced by the freal domain, ie example.com.csr


5) Nos sign 'em

./sign.sh example.com.csr

You'll now have example.com.crt, just plug that into apache.conf
and restart and you're done.