New: Try our AI‑powered Search (Ctrl + K) — Read more

Generate a Self-Signed Certificate

Updated
  • Updated on Mar 9, 2026
  • Published on Oct 21, 2025
  • 1 minute(s) read
Prev Next

To Generate a Self-Signed Certificate on MacOS with OpenSSL 3.5

        Note: Commands may vary slightly depending on your system environment.    

  1. Generate CA certificate (DER) and private key (PEM)          

    openssl req -x509 -newkey rsa:2048 -keyout ca.key -out ca.crt -outform DER -days 365 -nodes

  2. Generate TLS private key in PKCS#1 format:           

    openssl genrsa -out tls.pem.key 2048

  3. Generate CSR in PEM format:      

    openssl req -new -key tls.pem.key -out tls.csr

  4. Sign the TLS certificate with the CA certificate:             

    openssl x509 -req -in tls.csr -CA ca.crt -CAform DER -CAkey ca.key -CAcreateserial -out tls.crt -days 365 -outform DER

  5. Convert private key to DER format (PKCS#1)

    openssl rsa -in tls.pem.key -out tls.key -outform DER

  6. Convert certificates to PEM format for trusted certificate stores:             

    openssl x509 -in ca.crt -inform DER -out ca.pem -outform PEM
openssl x509 -in tls.crt -inform DER -out tls.pem -outform PEM

  7. Clean up intermediate files:     

    rm tls.pem.key

© 2026 Cisco and/or its affiliates. All rights reserved.

For more information about trademarks, please visit: Cisco trademarks 
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit:  Accedian legal terms and trademarks


© 2026 Cisco Privacy Statement Cookies Legal