16:50 < chris> openssl genrsa -out domainname.key 1024
16:51 < chris> openssl req -new -key domainname.key -out domainname.csr
16:51 < chris> and then you give that csr to your place and they give you a cert
16:51 < chris> if you want to do a self signed
16:51 < chris> you have to do more shit
16:51 < chris> like create a CA first
16:52 < chris> openssl genrsa -out ca.key 1024
16:52 < chris> openssl req -new -key ca.key -out ca.csr 
16:53 < chris> openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out 
               ca.cert
16:53 < chris> then

rerun first 2 for domain's .key and .csr files, then sign a cert for
that domain with your ca:

16:53 < chris> openssl x509 -req -days 365 -in domain.csr -CA ca.cert -CAkey 
               ca.key -CAcreateserial -out domain.cert

 
 
 
in sum, example for sql

  openssl genrsa -out $ca.key 2048
  openssl req -new -key $ca.key -out $ca.csr 
  openssl x509 -req -days 3650 -in $ca.csr -signkey $ca.key -out $ca.crt

  sql=domain.com
  openssl genrsa -out $sql.key 2048
  openssl req -new -key $sql.key -out $sql.csr

  # to sign the key with the self signed ca
  openssl x509 -req -days 365 -in $sql.csr -CA $ca.crt -CAkey $ca.key -CAcreateserial -out $sql.crt



to strip passphrase:

  openssl rsa -in $server.key -out $server.key.insecure
  mv $server.key $server.key.passphrased
  mv $server.key.insecure $server.key