Self signed using OpenSSL

21 Jun 2012

Next: 24 Jan 2013
Prev: 09 Sep 2011

How to generate a self signed SSL certificate using OpenSSL.

Below is a slight modification of the one described here. Rather than removing the encryption from the key we don’t add it in the first place and we use a larger key.

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12

Compared to other tutorials the first command is missing a -des3 flag which makes the key unencrypted in the first place.

For a website the common name must be the domain name.