How to generate a self-signed SSL certificate and private key with one command
Last updated: 17. June 2021
This article describes how to create a SSL private key and public certificate with one single command. These are often used in webserver setups to enable secure communication via HTTPS.
choco install -y openssl
Execute the following command in a shell:
$ openssl req -x509 -newkey rsa:4096 -sha256 -nodes -subj "/CN=example.com" -addext "subjectAltName = DNS:example.com" -keyout example.com.key -out example.com.crt -days 365
This will result in:
4096-bit RSA key in PEM format stored in
- a X.509 certificate in PEM format stored in
The certificate signature will be hashed using
SHA256 and will be valid for
365 days = one year. The subject
common name will be set to
example.com, and a
subjectAltName extension with the DNS name
example.com will be added as well.