Tue, Jun. 23rd, 2009, 10:59 pm
Re-signing Self-Signed Certificates

So instead of regenerating a new SSL key, signature, and certificate, I just re-signed my old (self-signed) CSR from last year. To do this, you need your old PEM/KEY and your old CSR. If you do, then the command is simply:
openssl x509 -req -days 365 -in LAST_YEARS.CSR -signkey LAST_YEARS.KEY -out THIS_YEARS.CRT

FYI, if you wish to generate a new self-signed cert with an unencrypted key (so you can restart Apache without typing a password):
OUTFILE=my_server_ssl
# Keep the private key files readable only by the current user
umask 077
# Create a randomly generated file to seed below
TMPFILE=$(mktemp)
dd if=/dev/urandom of="$TMPFILE" bs=1024 count=1
# Generate a passphrase-protected RSA key
# (2048 bits; 1024-bit RSA is below current minimum recommendations)
openssl genrsa -des3 -rand "$TMPFILE" -out "${OUTFILE}.key" 2048
rm -f "$TMPFILE"
# Decrypt the ${OUTFILE} key, b/c Apache will hang asking for a passphrase
# if we use the above ${OUTFILE}.key
openssl rsa -in "${OUTFILE}.key" -out "${OUTFILE}.pem"
# Generate a request
openssl req -new -key "${OUTFILE}.key" -out "${OUTFILE}.csr"
# Self signed bit
openssl x509 -req -days 365 -in "${OUTFILE}.csr" -signkey "${OUTFILE}.key" -out "${OUTFILE}.crt"
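
A check worth running after either procedure above, as an added example that is not part of the original post: it confirms that the key, the CSR and the freshly signed certificate all carry the same public key and that the certificate is not about to expire. The function names `pubkey_of` and `check_resigned` are made up for this example, and the key file is assumed to be the unencrypted one (for instance `${OUTFILE}.pem`), since an encrypted key would prompt for its passphrase.

```sh
#!/bin/sh
# Added example: sanity checks after re-signing a self-signed certificate.
# Usage: check_resigned LAST_YEARS.KEY LAST_YEARS.CSR THIS_YEARS.CRT [MIN_DAYS]

# Print the PEM public key embedded in a private key, CSR or certificate.
pubkey_of() {
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Returns 0 when all three files carry the same public key and the
# certificate stays valid for at least MIN_DAYS (default 30) more days.
# Returns 1 on a key mismatch or near expiry, 2 if a file cannot be parsed.
check_resigned() {
    cr_days=${4:-30}
    cr_key=$(pubkey_of key "$1") && [ -n "$cr_key" ] ||
        { echo "cannot read private key: $1" >&2; return 2; }
    cr_csr=$(pubkey_of csr "$2") && [ -n "$cr_csr" ] ||
        { echo "cannot read CSR: $2" >&2; return 2; }
    cr_crt=$(pubkey_of crt "$3") && [ -n "$cr_crt" ] ||
        { echo "cannot read certificate: $3" >&2; return 2; }

    # The re-sign only makes sense if the old CSR belongs to the old key.
    [ "$cr_key" = "$cr_csr" ] ||
        { echo "CSR was not generated from this key" >&2; return 1; }
    # Apache refuses to start if the certificate and key do not match.
    [ "$cr_key" = "$cr_crt" ] ||
        { echo "certificate does not match this key" >&2; return 1; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$3" -noout -checkend $((cr_days * 86400)) >/dev/null ||
        { echo "certificate expires within $cr_days days" >&2; return 1; }

    # Show the new expiry date so it can go straight into a calendar.
    openssl x509 -in "$3" -noout -enddate
}
```

Run it before restarting Apache; a non-zero exit status means the new certificate should not be deployed.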