Shortcut (e.g. with OpenSSL 1.1.0f and Apache 2.4.37):
openssl genrsa -out notEncodedPk.key 3072
openssl req -new -out website.csr -sha256 -key notEncodedPk.key
openssl x509 -req -in website.csr -days 365 -signkey notEncodedPk.key -out website.cert -outform PEM
genrsa generates a 3072-bit RSA key. (The system must have been up and connected to the network for some time so that /dev/(u)random contains good data to draw from.) There is no need to create an encrypted private key (PK) (1) and then use openssl rsa to strip the passphrase afterwards. (Maybe a passphrase was required in earlier versions of the tools?)
req creates a certificate signing request (CSR) and signs it with the PK. Giving a digest such as -sha256 is optional. (3) Answer the interactive questionnaire. Make sure your site's domain is entered as the "Common Name:", otherwise Apache will log a warning (AH01909) and browsers will report an "invalid certificate" because the URL/domain does not match the certificate data (2). Leave the "challenge password" blank.
x509 with -signkey creates a self-signed certificate (the subject is copied into the issuer). Normally this command operates on certificates, but with -req it accepts a CSR as input; the CSR is then signed with your PK. (-outform and -days are optional; the default for the latter is 30 days.)
Source of the problem:
As user 207421 already pointed out: req either creates a CSR, OR it creates a self-signed certificate that looks like a root CA certificate, so the typical tutorial one-liner
openssl req -x509 -nodes -days 365 -newkey rsa:3072 -sha256 -keyout website.key -out website.cert
is short, but usually not what you want. You can compare the generated certificates with
openssl x509 -text -noout -in website.cert
In the certificate created with the one-liner you will see a section "X509v3 extensions:" containing "X509v3 Basic Constraints: critical CA:TRUE". This is exactly what the Apache warning refers to.
If you create the certificate with the three steps instead, the "X509v3 extensions:" section is not included in the certificate at all.
Notes:
(1) Protecting your PK with a passphrase is a good idea in most cases. If the PK is stored unencrypted, make sure access to it is restricted to root. If you do use a passphrase, you must use the -passout / -passin options, but keep in mind that a simple "x" no longer works, because some OpenSSL tools require at least 4 characters (otherwise: "result is too small" / "bad password read"). In addition, in Apache you should use something like the built-in SSLPassPhraseDialog to enter the required passphrase for the PK (or even for all PKs/certificates) manually during Apache startup.
(2) In any case, browsers will display a warning for self-signed certificates.
(3) SHA-1 would not be adequate for such a large RSA key. In general it is a good idea to check your openssl.cnf, e.g. /etc/ssl/openssl.cnf on Debian 9, which contains various defaults, for example default_md = sha256.
In the Debian 9 file you will also find the line x509_extensions = v3_ca in the [req] section, which is why the req command combined with the -x509 option adds the CA-related extension (basicConstraints = critical, CA:true) when it is used one-liner style to create a self-signed certificate.
You may also notice the commented-out line # req_extensions = v3_req. Since this line is commented out (by default in Debian 9's openssl.cnf), simply running the req command does not include any extensions.
Note that you can use this line in a modified config file to add e.g. a subjectAltName to the certificate, so that it covers several (sub-)domains (usually a much better choice than using a wildcard in the CN, e.g. *.example.com).
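The three-step procedure above, with the subjectAltName extension from the last note, as an added example script (this is not code from the original answer). It assumes openssl(1) is on PATH; example.com and the output directory are placeholders. Instead of editing openssl.cnf it passes -subj to avoid the interactive questionnaire and hands the extensions to the final x509 -req step via -extfile, because x509 -req in OpenSSL 1.1 does not copy extensions from the CSR into the certificate. basicConstraints is set explicitly to CA:FALSE so the result cannot be mistaken for a CA certificate, and two helper functions let you check the issued certificate the same way the answer does with openssl x509 -text.

```shell
#!/bin/sh
# Added example, not part of the original answer.
# Assumptions: openssl(1) on PATH; domain names and output dir are placeholders.
set -eu

# make_server_cert DIR CN [ALTNAME...]
#   Writes DIR/website.key, DIR/website.csr, DIR/website.cert (PEM).
make_server_cert() {
    dir="$1"; cn="$2"; shift 2
    mkdir -p "$dir"

    # SAN list: the CN itself plus any further (sub)domains given.
    san="DNS:$cn"
    for n in "$@"; do san="$san,DNS:$n"; done

    # Step 1: unencrypted 3072-bit RSA key; protect it with file permissions.
    openssl genrsa -out "$dir/website.key" 3072 2>/dev/null
    chmod 600 "$dir/website.key"

    # Step 2: CSR signed with the key; -subj replaces the questionnaire.
    openssl req -new -sha256 -key "$dir/website.key" \
        -subj "/CN=$cn" -out "$dir/website.csr"

    # Extension file for the certificate: explicitly NOT a CA, server use only,
    # and the subjectAltName covering all names.
    cat > "$dir/v3_server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = $san
EOF

    # Step 3: self-sign the CSR; -extfile adds the extensions above.
    openssl x509 -req -sha256 -days 365 -in "$dir/website.csr" \
        -signkey "$dir/website.key" -extfile "$dir/v3_server.ext" \
        -out "$dir/website.cert" -outform PEM 2>/dev/null
}

# cert_is_ca FILE -> exit status 0 if the certificate carries CA:TRUE
cert_is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# cert_san FILE -> prints the SAN entries, e.g. DNS:a.example,DNS:b.example
cert_san() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' '
}

# Usage: make_server_cert ./out example.com www.example.com
#        cert_is_ca ./out/website.cert && echo "CA cert!" || echo "server cert"
#        cert_san ./out/website.cert
```

Run it once, then inspect ./out/website.cert with openssl x509 -text -noout: the Basic Constraints line now reads CA:FALSE rather than critical CA:TRUE, and the Subject Alternative Name lists every domain you passed, so Apache gets a plain server certificate and browsers match the host name against the SAN rather than only the CN.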