Self Signed Certificates

In Linux you can create a self signed certificate pretty easily, you can even create a request for multiple sites supported by one certificate, it looks something like this:

cd /etc/pki/tls/private/

SAN="DNS:*," openssl req -new -key ca.key -out

Type in some answers here when prompted, probably for as the server and so on.

Okay, but now I need to server to sign that request, so:

openssl x509 -req -days $((365 * 3)) -in -signkey ca.key

So that works.

Internet Explorer won't let me export the key because of course it doesn't match (and I'm working with a limited permission user as recommended) but Chrome does.

After you get policy updated, people will be able to access your SSL site (within the domain) without any errors.

Active Directory

C:\>certreq -submit -attrib "CertificateTemplate:WebServer" request.csr


Also see: