• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Mister PKI

SSL Certificates * SSL Tools * Certificate Decoder

  • Buy SSL Certificates
  • Blog
  • OpenSSL
  • Keytool
  • SSL Tools
  • Donate

OpenSSL Self Signed Certificate

March 15, 2022 by Mister PKI Leave a Comment

Top online courses in IT & Software

This article will demonstrate how to use OpenSSL to create a self signed certificate.

First things first. What is a self signed certificate? A self signed certificate is exactly what it sounds like. The private key of the key pair signs its own SSL certificate. It is not signed by a CA (Certification Authority) and therefore is not publicly trusted and has a certificate path of size 1. Self signed certificates are useful in internal networks and in testing, but are not advantageous in a public environment.

You may have found this article for a number of different use cases. OpenSSL does support creating self signed certificates, so let us continue on with how to create a self signed certificate with OpenSSL.

OpenSSL create self signed certificate

To create the self signed certificate, use the req command.

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -sha256 -days 365 -subj="/CN=Test"

Here is a breakdown of the command:

-x509 Create an X.509 certificate

-newkey rsa:2048 The key pair should have an RSA key size of 2048

-keyout key.pem Output the private key in the file named key.pem

-out cert.pem Output the self signed certificate containing the public key into the file cert.pem

-sha256 Sign the certificate with the SHA256 algorithm

-days 365 The validity period of the self signed certificate in days

-subj="/CN=Test" The subject dn of the certificate

If you do not provide a passphrase you will see the following error:

139644670686528:error:28078065:UI routines:UI_set_result_ex:result too small:../crypto/ui/ui_lib.c:905:You must type in 4 to 1024 characters
139644670686528:error:2807106B:UI routines:UI_process:processing error:../crypto/ui/ui_lib.c:545:while reading strings
139644670686528:error:0906406D:PEM routines:PEM_def_callback:problems getting password:../crypto/pem/pem_lib.c:59:
139644670686528:error:0907E06F:PEM routines:do_pk8pkey:read key:../crypto/pem/pem_pk8.c:83:

After running the command and providing a passphrase you can output your self signed certificate with cat cert.pem and copy and paste the PEM encoded cert into our Certificate Decoder.

Conclusion

In conclusion, this article has demonstrated how to create a self signed certificate with OpenSSL. It can be completed with one line and a passphrase. If you have any questions or would like to see more detailed examples of generating the self signed certificate then let us know in the comments.

For more examples on generating self signed certificates:

Python self signed certificate

Java self signed certificate

openssl,  SSL Certificates

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Posts

PKCS12

openssl s_client

Keytool

Keytool list

ECDSA vs RSA

OpenSSL

PKCS7

Certificate Decoder

Training Courses

Top online courses in IT & Software

Cyber Security Training

Udemy - The Complete Internet Security Privacy Course icon

Buy SSL Certificates

The SSL Store

Comodo Store

Sectigo Store

RapidSSL

Recent Posts

  • netsh http add sslcert
  • netsh http show sslcert
  • netsh http delete sslcert
  • How to Install an SSL Certificate on Tomcat
  • openssl s_client commands and examples

Footer

  • Twitter
  • YouTube

Pages

  • About Mister PKI
  • Blog
  • Compare and Buy Affordable PKI Certificates
  • Contact Us
  • Full Disclosure
  • Privacy Policy
  • SSL Tools – Certificate Decoder and Certificate Checker

Copyright © 2022