Skip to content. | Skip to navigation

Navigation

You are here: Home / Support / Guides / Tools / SSL Certificates / Creating a Self-Signed Certificate

Personal tools

SSL Certificates

How you can easily create and manage SSL certificates

Creating a Self-Signed Certificate

Most people will be happy having generated their CSR and sent it off to their certificate signing authority (along with their hard-earned cash). However, we're interested in being a CA so let's dive in.

Generating

You can generate your own self-signed certificate from your private key:

openssl req -x509 -sha256 -new -key ssl-certificate.key -out ssl-certificate.crt

which will prompt you for the same information as for a CSR, however this time you have a self-signed certificate in ssl-certificate.crt.

Checking

You can check the contents of your certificate with:

openssl x509 -in ssl-certificate.crt -noout -text

Note that here the Issuer and the Subject are the same entity. When someone else signs your certificate they will appear as the Issuer.

What's more, your self-signed certificate is a fully fledged CA and SSL server certificate (even if your browser doesn't automatically trust it). You can check this with:

openssl x509 -in ssl-certificate.crt -noout -purpose

which should give output suggesting it does everything.

SHA256

Again, check your certificate reports:

Signature Algorithm: sha256WithRSAEncryption

One-Liner

If you're feeling particularly keen you can avoid generating the private key in a separate command:

openssl req -x509 -sha256 -newkey rsa:1024 -keyout server-key.pem -out server-req.pem

Note that you'll be forcibly asked for a pass phrase for your key (you can always hit RETURN).

Document Actions