Creating a Self-Signed Certificate: Difference between revisions

From WilliamsNet Wiki
Jump to navigation Jump to search
(Created page with "You can do that in one command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 You can also add '''-nodes''' if you don't want to protect your p...")
(No difference)

Revision as of 01:27, 3 August 2019

You can do that in one command: 

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

You can also add -nodes if you don't want to protect your private key with a passphrase, otherwise it will prompt you for "at least a 4 character" password. The days parameter (365) you can replace with any number to affect expiration date. It will then prompt you for things like "Country Name" but you can just hit enter and accept defaults. Self-signed certs are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a CA

Add -subj '/CN=localhost' to suppress questions about the contents of the certificate (replace localhost with your desired domain)

Reading/Verifying a certificate 

openssl x509 -in certificate.crt -text -noout
Retrieved from "http://wiki.williams-net.org/index.php?title=Creating_a_Self-Signed_Certificate&oldid=34"