A self-signed SSL certificate is a certificate that is not signed by a trusted certificate authority (CA). A self-signed certificate commonly used for testing purposes or internal usage. This tutorial demonstrates how to generate self-signed SSL certificate using OpenSSL.
openssl req command can be used for generating self-signed SSL certificate. For example, the following command generates the 2048-bit RSA private key and X.509 certificate valid for 1 year:
openssl req -newkey rsa:2048 -nodes -x509 -days 365 -keyout test.key -out test.crt -subj "/C=US/O=Test Company/OU=Test Organization Unit/CN=test.com"
The meaning of options:
-newkey rsa:2048- creates a new certificate signing request and 2048-bit RSA private key.
-nodes- specifies that private key should be created without encryption.
-x509- specifies that a self-signed certificate should be created instead of a certificate signing request.
-days 365- specifies the number of days the certificate will be valid.
-keyout test.key- specifies where private key should be saved.
-out test.crt- specifies where certificate should be saved.
-subj "..."- allows to specify subject information for certificate.
Meaning of fields specified in
C- country name (2 letter code).
O- organization name.
OU- organizational unit name.
CN- common name (e.g. fully qualified domain name, IP address).