How To: Create Self-Signed Certificate – OpenSSL

What is a self-signed SSL certificate? A self-signed certificate is a certificate that is not signed by a trusted authority.

Nevertheless, the self-signed certificate provides the same level of encryption as a $100500 certificate signed by a trusted authority.

In this article i will show how to create a self-signed certificate that can be used for non-production or internal applications.

Cool Tip: Check the expiration date of the SSL Certificate from the Linux command line! The fastest way! Read more →

Create Self-Signed Certificate

Generate self-signed certificate using openssl:

$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 365 -subj '/CN=localhost'

Options that you might want to change while creating a self-signed certificate:

Option Description
-newkey rsa:4096 Generate a 4096 bit RSA key.
-keyout key.pem Save a key to the key.pem file.
-out cert.pem Save a certificate to the cert.pem file.
-nodes Do not protect the private key with a passphrase.
-days 365 The number of days to make a certificate valid for.
-subj '/CN=localhost' Use this option to suppress questions about the contents of the certificate. Replace localhost with your desired domain name.