Saved for later

Self signed using OpenSSL

How to generate a self signed SSL certificate using OpenSSL.

Below is a slight modification of the one described here. Rather than removing the encryption from the key we don’t add it in the first place and we use a larger key.

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12

Compared to other tutorials the first command is missing a -des3 flag which makes the key unencrypted in the first place.

For a website the common name must be the domain name.

Creative Commons License