Martin Klier


How to create a self-signed OpenSSL certificate

Hi folx,

if you want to create a self-signed certificate with OpenSSL (useful for encryption-only purposes, e.g. your own mailserver) just do the following:

openssl req -x509 -nodes -days 365
-subj '/C=DE/ST=Bayern/L=Munich/CN=www.example.com'
-newkey rsa:2048 -keyout key4cert.pem
-out cert.pem

It means:
“-nodes” makes the key unencrypted
“-days” makes it valid for n days
“-subj” provides your personal info for the cert, take care of the “CN” – it has to be your hostname as called by the client. Otherwise the client will always complain about a difference between the cert and the reality 🙂
“-newkey” makes it a rsa key with 2048 bits

Thanks a lot to madboa.com!

Use it right, use it tight.


Lost, deleted or corrupted a voting disk (quorum) in Oracle RAC 10.2 ?
Prepare IPtables for the Cisco VPN Client

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.