Generate a Self-Signed SSL Certificate

Generate a Self-Signed SSL Certificate

First, determine the name to be used for the key. For a webserver, use the fully qualified domain name. For a more general key (*, just use the domain. The following example creates a general purpose 2048-bit key for that is valid for 10 years. Generate a private key and secure it with a passphrase. This passphrase will be temporarily.

openssl genrsa -des3 -out 2048

Generate the certificate signing request.

openssl req -new -key -out

Answer the questions as prompted

  • Country Name: US
  • State or Province Name: Michigan
  • Locality Name (eg, city) [Default City]:Detroit
  • Organization Name: Jonathan E. Ross
  • Organizational Unit Name:
  • Common Name: *
  • Email Address:
  • A challenge password: (leave blank)
  • An optional company name: (leave blank)

Remove the temporary passphrase from the private key.

openssl rsa -in -out

Sign the certificate signing request ourselves.

openssl x509 -req -days 3650 -in -signkey -out