Self signed certificate

12/03/2015 By emehany

You can do that in one command:

sudo openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX

You can add -nodes if you don't want to protect your private key with a passphrase.

Self-signed certs are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a CA.


Generally, these are the steps to generate a self signed certificate


1- Generate a a private key

sudo openssl genrsa -out example.key 2048


2- Request a Certificate signing request

sudo openssl req -new -key example.key -out example.csr


3- Generate the certificate signed with our generated key

sudo openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.key


Once the certificate is generated, the server configuration should be updated to include the new certificate. Next, we check if it works

curl -I -k https://ipaddress
-k skips the check of ssl authenticity


Leave a comment

Login to Comment