Creating a new SSL certificates:
1. If it is missing, you will have to create a new one key.
root# openssl genrsa -out filename.key 1024
2. Create a CSR
root# openssl req -new -key filename.key -out filename.csr
3. Remove pass-phrase from a key – If you don’t have pass-phrase don’t do it.
One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:
cp filename.key filename.key.org
openssl rsa -in filename.key.org -out filename.key
4. Generating the certificate/Self-Signed certificate
root# openssl x509 -req -days 730 -in filename.csr -signkey filename.key -out filename.crt
5. Make it into the .pem format
root# cat filename.key filename.crt > filename.pem