Posted by: jasonk2600 | January 5, 2010

Quickie HowTo: Creating a Self-Signed Certificate

This Quickie HowTo explains how to create a self-signed certificate on any system running OpenSSL.

Step 1. – Create a new key pair.

# openssl genrsa –out mycert.key 1024

Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)


Step 2. – Create a Certificate Signing Request (CSR) with the newly created key pair.

# openssl req –new –key mycert.key –out mycert.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:YourState
Locality Name (eg, city) []:YourCity
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourCompany
Organizational Unit Name (eg, section) []:MIS
Common Name (eg, YOUR name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password
An optional company name []:


Step 3. – Create and self-sign a new certificate using the newly created CSR and key pair.

# openssl x509 –req –days 365 –in mycert.csr \
> -signkey mycert.key -out mycert.crt

Signature ok
Getting Private key


The newly created certificate is now ready for use.  It is imperative that you keep your key pair confidential and secure.  Access by unauthorized parties to your key pair will compromise the validity of your certificate!




  1. […] Creating a Self-Signed Certificate. […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s


%d bloggers like this: