In this tutorial, I will be using CentOS 7 to generate self-signed certificates. You can use any Linux operating system as long as it is Openssl install. To install Openssl follow the below guide:
Openssl installation
CentOS, Redhat, Fedora:
sudo yum install openssl
Ubuntu, Debian
sudo apt install openssl
Generating certificate with password
Command:
openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -out example.crt -keyout example.key
Interactive view:
Generating a 4096 bit RSA private key
...............++
................................................................................ ....................................................++
writing new private key to 'example.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Houston
Organization Name (eg, company) [Default Company Ltd]:Example
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:example.com
Email Address []:JohnSmith@example.com
Verify output
$ ls -l example.*
-rw-rw-r-- 1 test test 2110 Sep 30 20:14 example.crt
-rw-rw-r-- 1 test test 3406 Sep 30 20:14 example.key
Generating certificate without password
Command:
openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -out example1.crt -keyout example1.key -nodes
Interactive view:
Generating a 4096 bit RSA private key
......................................................................................................++
................................................................................................................++
writing new private key to 'example1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Houston
Organization Name (eg, company) [Default Company Ltd]:Example
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:example1.com
Email Address []:JohnSmith@example.com
Verify output
$ ls -l example1.*
-rw-rw-r-- 1 test test 2110 Sep 30 20:40 example1.crt
-rw-rw-r-- 1 test test 3406 Sep 30 20:40 example1.key