Generating Self-Signed Certificates with OpenSSL
Overview
This guide will show you how to generate self-signed certificates using OpenSSL.
Generating a Self-Signed Certificate (PEM)
Generate a self-signed certificate and private key in PEM format:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out certificate.pem -days 365Generate a self-signed certificate and private key in PEM format (no encryption/password):
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out certificate.pem -days 365 -nodesGenerating a Self-Signed Certificate (PKCS#12)
Generate a self-signed certificate and private key in PKCS#12 format:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out certificate.pem -days 365openssl pkcs12 -export -out certificate.pfx -inkey key.pem -in certificate.pemGenerate a self-signed certificate and private key in PKCS#12 format (no encryption/password):
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out certificate.pem -days 365 -nodesopenssl pkcs12 -export -out certificate.pfx -inkey key.pem -in certificate.pem -nodesGenerating a Self-Signed Certificate with Subject Alternative Names (SAN)
Generate a self-signed certificate with SAN in PEM format:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out certificate.pem -days 365 -nodes -subj "/CN=example.com" -addext "subjectAltName=DNS:example.com,DNS:www.example.com"IP Subject Alternative Names can be added like this:
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out certificate.pem -days 365 -nodes -subj "/CN=example.com" -addext "subjectAltName=DNS:example.com,IP:192.168.1.1"