Generate a new self-signed cert or CSR for a virtual server.
A self-signed certificate is one that can be used immediately to protect a virtual server with SSL, but is not validated by a certificate authority. As such,
browsers will typically warn the user that it cannot be validated, and thus provides not protection against man-in-the-middle attacks. All Virtualmin server with SSL enabled have a self-signed cert by default, but this command can be used to create a new one, perhaps with different hostnames or more information about the owner.
The virtual server to create a cert for must be specified with the
--domain parameter, followed by a domain name. You must also supply the
--self flag, to indicate that a self-signed cert is being created. Additional details about the certificate's owner can be set with the following optional flags :
--o - Followed by the name of the organization or person who owns the domain.
--ou - Sets the department or group within the organization.
--c - Sets the country.
--st - Sets the state or province.
--l - Sets the city or locality.
--cn - Specifies the domain name in the certificate.
When run, the command will create certificate and private key files, and configure Apache to use them. Any existing files will be overwritten.
This command can also create a CSR, or certificate signing request. This is a file that is sent to a certificate authority like Verisign or Thawte along with payment and a request to validate the owner of a domain. The command is run in the same way, except that the
--csr flag is used instead of
--self, and the generated files are different.
Once the CA has validated the certificate, they will send you back a signed cert that can be installed using the
--install-cert command or the Virtualmin web interface.
Command Line Help
Generates a new self-signed certificate or CSR. virtualmin generate-cert --domain name --self | --csr [--size bits] [--days expiry-days] [--cn domain-name] [--c country] [--st state] [--l city] [--o organization] [--ou organization-unit] [--email email-address] [--alt alternate-domain-name]*