Generate Self-Signed SSL Certificate using OpenSSL

Generate Self-Signed SSL Certificate using OpenSSL

A self-signed SSL certificate is a certificate that is not signed by a trusted certificate authority (CA). A self-signed certificate commonly used for testing purposes or internal usage. This tutorial demonstrates how to generate self-signed SSL certificate using OpenSSL.

The openssl req command can be used for generating self-signed SSL certificate. For example, the following command generates the 2048-bit RSA private key and X.509 certificate valid for 1 year:

openssl req -newkey rsa:2048 -nodes -x509 -days 365 -keyout test.key -out test.crt -subj "/C=US/O=Test Company/OU=Test Organization Unit/"

The meaning of options:

  • -newkey rsa:2048 - creates a new certificate signing request and 2048-bit RSA private key.
  • -nodes - specifies that private key should be created without encryption.
  • -x509 - specifies that a self-signed certificate should be created instead of a certificate signing request.
  • -days 365 - specifies the number of days the certificate will be valid.
  • -keyout test.key - specifies where private key should be saved.
  • -out test.crt - specifies where certificate should be saved.
  • -subj "..." - allows to specify subject information for certificate.

Meaning of fields specified in -subj line:

  • C - country name (2 letter code).
  • O - organization name.
  • OU - organizational unit name.
  • CN - common name (e.g. fully qualified domain name, IP address).

Leave a Comment

Cancel reply

Your email address will not be published.