OpenSSL - Self-signed certificate

Creation of a self-signed certificate using OpenSSL

The tool OpenSSL can be used to create a self-signed certificate. However, it is important to note that a self-signed certificate won't be trusted by most browsers.

A Certificate Signing Request (CSR) aim to ask a trusted authority for a digital certificate.

A Certificate Signing Request usually includes:

Subject name
Company name
Organization
Organization unit
Common name
Email
Public key of the requester (this require the requester to previously generate a key pair)

OpenSSL allows us to make a CSR using a simple one liner.

The command below creates a x509 certificate using a 4096 bits key. This key will be encrypted using the SHA-1 algorithm.

openssl req -x509 -newkey rsa:4096 -keyout amandineghpro.ca.key -out amandineghpro.ca.pem -sha256 -days 365

Then, we are prompted to choose a passphrase that will be used to encrypt data and any others information included in the CSR.

PreviousSSL/TLS Theory NextCloudflare

Last updated 1 year ago