How to generate a self-signed SSL certificate and private key with one command

This article describes how to create a SSL private key and public certificate with one single command. These are often used in webserver setups to enable secure communication via HTTPS.

Make sure OpenSSL is installed on your computer. This is usually already the case on Linux and Apple devices; on Windows you can install it e.g. with Chocolatey (in an elevated command prompt):

choco install -y openssl

Execute the following command in a shell:

openssl req -x509 -newkey rsa:4096 -sha256 -nodes -subj "/CN=example.com" -addext "subjectAltName = DNS:example.com" -keyout example.com.key -out example.com.crt -days 365

This will result in:

• a 4096-bit RSA key in PEM format stored in example.com.key
• a X.509 certificate in PEM format stored in example.com.crt

The certificate signature will be hashed using SHA256 and will be valid for 365 days = one year. The subject common name will be set to example.com, and a subjectAltName extension with the DNS name example.com will be added as well.

References

• https://www.openssl.org/docs/manmaster/man1/openssl-x509.html
• https://www.openssl.org/docs/manmaster/man1/req.html