if you want to create a self-signed certificate with OpenSSL (useful for encryption-only purposes, e.g. your own mailserver) just do the following:
openssl req -x509 -nodes -days 365 -subj '/C=DE/ST=Bayern/L=Munich/CN=www.example.com' -newkey rsa:2048 -keyout key4cert.pem -out cert.pem
“-nodes” makes the key unencrypted
“-days” makes it valid for n days
“-subj” provides your personal info for the cert, take care of the “CN” – it has to be your hostname as called by the client. Otherwise the client will always complain about a difference between the cert and the reality 🙂
“-newkey” makes it a rsa key with 2048 bits
Thanks a lot to madboa.com!
Use it right, use it tight.