For some reason, it might be very difficult to find information on how to renew a self-signed certificate. This is a nice (and short) explanation: http://linux.togaware.com/survivor/Renew_SSL.html.
Please note that a .pem file is in fact (as you can guess from the small guide) a combined .key and .crt.
In short and only for the purpose of not loosing this reference (as has happened many times before with sites referenced on this blog), here is the procedure (just adapt to your case, i.e. replace togaware.com and all locality details with yours). The “Common name” requested by the openssl command is the domain name. Leave top level domain name without prefix for multiple domains certificates. Note that the filenames (togaware.com.key, etc) do not have any importance apart that the extension (.pem, .key, .crt) might be helpful later on when wondering which file does what:
# cd /etc/apache2/ssl # openssl genrsa -out togaware.com.key 1024 # chmod 600 togaware.com.key # openssl req -new -key togaware.com.key -out togaware.com.csr AU ACT Canberra Togaware Data Mining Kayon Toga Kayon.Toga@togaware.com (no challenge password) # openssl x509 -req -days 365 -in togaware.com.csr -signkey togaware.com.key -out togaware.com.crt # mv apache.pem apache.pem.old # cp togaware.com.key apache.pem # cat togaware.com.crt >> apache.pem # chmod 600 apache.pem # service apache2 restart
If you are only replacing an old certificate, make sure you save the old file and generate the new files using the previous names. If you have several virtual hosts, this will save you a whole lot of time.