What is a self-signed SSL certificate? A self-signed certificate is a certificate that is not signed by a trusted authority.
Nevertheless, the self-signed certificate provides the same level of encryption as a $100500 certificate signed by a trusted authority.
In this article i will show how to create a self-signed certificate that can be used for non-production or internal applications.
Cool Tip: Check the expiration date of the SSL Certificate from the Linux command line! The fastest way! Read more →
Create Self-Signed Certificate
Generate self-signed certificate using openssl:
$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=localhost'
Options that you might want to change while creating a self-signed certificate:
| Option | Description |
|---|---|
-newkey rsa:4096 |
Generate a 4096 bit RSA key. |
-keyout key.pem |
Save a key to the key.pem file. |
-out cert.pem |
Save a certificate to the cert.pem file. |
-nodes |
Do not protect the private key with a passphrase. |
-days 365 |
The number of days to make a certificate valid for. |
-subj '/CN=localhost' |
Use this option to suppress questions about the contents of the certificate. Replace localhost with your desired domain name. |