How to generate self-signed certificate in Linux

A yellow padlock on a wooden door.

In this tutorial, I will be using CentOS 7 to generate self-signed certificates. You can use any Linux operating system as long as it is Openssl install. To install Openssl follow the below guide:

Openssl installation

CentOS, Redhat, Fedora:

sudo yum install openssl

Ubuntu, Debian

sudo apt install openssl

Generating certificate with password

Command:

openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -out example.crt -keyout example.key

Interactive view:

Generating a 4096 bit RSA private key
...............++
................................................................................                                                                                        ....................................................++
writing new private key to 'example.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Houston
Organization Name (eg, company) [Default Company Ltd]:Example
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:example.com
Email Address []:JohnSmith@example.com

Verify output

$ ls -l example.*
-rw-rw-r-- 1 test test 2110 Sep 30 20:14 example.crt
-rw-rw-r-- 1 test test 3406 Sep 30 20:14 example.key

Generating certificate without password

Command:

openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -out example1.crt -keyout example1.key -nodes

Interactive view:

Generating a 4096 bit RSA private key
......................................................................................................++
................................................................................................................++
writing new private key to 'example1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Houston
Organization Name (eg, company) [Default Company Ltd]:Example
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:example1.com
Email Address []:JohnSmith@example.com

Verify output

$ ls -l example1.*
-rw-rw-r-- 1 test test 2110 Sep 30 20:40 example1.crt
-rw-rw-r-- 1 test test 3406 Sep 30 20:40 example1.key

Leave a Comment

Scroll to Top