How to create a self-signed OpenSSL certificate

Hi folx,

if you want to create a self-signed certificate with OpenSSL (useful for encryption-only purposes, e.g. your own mailserver) just do the following:

openssl req -x509 -nodes -days 365
-subj '/C=DE/ST=Bayern/L=Munich/'
-newkey rsa:2048 -keyout key4cert.pem
-out cert.pem

It means:
“-nodes” makes the key unencrypted
“-days” makes it valid for n days
“-subj” provides your personal info for the cert, take care of the “CN” – it has to be your hostname as called by the client. Otherwise the client will always complain about a difference between the cert and the reality :)
“-newkey” makes it a rsa key with 2048 bits

Thanks a lot to!

Use it right, use it tight.


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply