A self-signed SSL certificate is a certificate that is not signed by a trusted certificate authority (CA). A self-signed certificate commonly used for testing purposes or internal usage. This tutorial demonstrates how to generate self-signed SSL certificate using OpenSSL.
The openssl req command can be used for generating self-signed SSL certificate. For example, the following command generates the 2048-bit RSA private key and X.509 certificate valid for 1 year:
openssl req -newkey rsa:2048 -nodes -x509 -days 365 -keyout test.key -out test.crt -subj "/C=US/O=Test Company/OU=Test Organization Unit/CN=test.com"The meaning of options:
-newkey rsa:2048- creates a new certificate signing request and 2048-bit RSA private key.-nodes- specifies that private key should be created without encryption.-x509- specifies that a self-signed certificate should be created instead of a certificate signing request.-days 365- specifies the number of days the certificate will be valid.-keyout test.key- specifies where private key should be saved.-out test.crt- specifies where certificate should be saved.-subj "..."- allows to specify subject information for certificate.
Meaning of fields specified in -subj line:
C- country name (2 letter code).O- organization name.OU- organizational unit name.CN- common name (e.g. fully qualified domain name, IP address).
Leave a Comment
Cancel reply