Creating a Self-Signed Certificate

From WilliamsNet Wiki
Revision as of 01:27, 3 August 2019 by DrEdWilliams (talk | contribs) (Created page with "You can do that in one command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 You can also add '''-nodes''' if you don't want to protect your p...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

You can do that in one command: 

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

You can also add -nodes if you don't want to protect your private key with a passphrase, otherwise it will prompt you for "at least a 4 character" password. The days parameter (365) you can replace with any number to affect expiration date. It will then prompt you for things like "Country Name" but you can just hit enter and accept defaults. Self-signed certs are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a CA

Add -subj '/CN=localhost' to suppress questions about the contents of the certificate (replace localhost with your desired domain)

Reading/Verifying a certificate 

openssl x509 -in certificate.crt -text -noout
Retrieved from "http://wiki.williams-net.org/index.php?title=Creating_a_Self-Signed_Certificate&oldid=34"