Generate a self-signed certificate

New
  • Published on Oct 21, 2025
  • 1 minute(s) read
  • AK
 Prev Next

To generate a self-signed certificate, execute the following commands in a terminal on a machine with OpenSSL installed:

# generate CA DER certificate and private key

openssl req -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -outform DER -days 365 -nodes

# generate TLS private key

openssl genpkey -algorithm RSA -outform DER -out tls.key -pkeyopt rsa_keygen_bits:2048

# generate certificate request for TLS certificates

openssl req -new -key tls.key -out ca.csr -outform DER

# sign TLS certificate with CA certificate

openssl x509 -req -inform DER -in ca.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out tls.crt -days 365 -outform DER