A SSL certificate is a way to encrypt a site’s information and create a more secure connection. Additionally, the certificate can show the virtual private server’s identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the virtual server’s details while a self-signed certificate has no 3rd party corroboration.

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt

With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into the current directory.

This command will prompt terminal to display a lists of fields that need to be filled in.

The most important line is “Common Name”. Enter your official domain name here:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:MY
State or Province Name (full name) [Some-State]:KL
Locality Name (eg, city) []:KL
Organization Name (eg, company) [Internet Widgits Pty Ltd]:IPS1
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:example@ips1.com

The SSL cert is now genarated and can be used for the web or mail service.