openssl: Create a selfsigned certificate

Hi,

creating selfsigned certificate with openssl is one step 🙂

This command creates a 4096 Bit key ( myKey.key ) and the corresponding selfsigned public key (myCert.pem).

michael@debdev ~ # openssl req -x509 \
-newkey rsa:4096 \
-keyout myKey.key \
-out myCert.pem \
-sha256 \
-days 365 \
-batch \
-nodes \
-subj "/C=DE/ST=Franken/L=Nuremburg/O=my Organizaton/OU=My Department/CN=myHostname.myDomain.org/emailAddress=myEMailAddress@myDomain.org"

and with keyusage and extented key usage

openssl req -x509 -newkey rsa:2048 -keyout private.key -out cert.pem -days 365 -nodes -subj "/CN=myServer.myDomain.org" -addext "keyUsage=keyEncipherment,dataEncipherment" -addext "extendedKeyUsage=serverAuth"

If you don’t want to set a passphrase on the private key omit the -nodes switch.

Michael

Leave a Reply