Skip to content

Generate a Self-Signed Certificate with One Easy Command

The following command will create a self-signed certificate valid for 10 years that can be used for various web services (web servers, mail servers, etc...).

Replace hostname.lan with your own hostname or domain name for the service you will be hosting.

This will generate a private key and a public key.

NOTE: Passing -nodes will make the private key NOT password-protected.

openssl req -x509 -newkey rsa:4096 -sha256 \
-days 3650 \
-nodes \
-keyout "private.key" -out "public.crt" \
-subj "/CN=hostname.lan" \
-addext "subjectAltName=DNS:hostname.lan"

If you need a PFX or PKCS#12 file, you can combine the public and private keys above into a PFX file by running:

openssl pkcs12 -inkey "private.key" -in "public.crt" -export -out certificate.pfx