How to create a self-signed certificate using openssl?

What is a digital certificate?

A digital certificate contains a public key, together with identity information, for authenticating the holder of the certificate. It is typically issued by a trusted entity called a CA (Certificate Authority). A self-signed certificate is one you issue yourself, without a trusted CA, and is used for testing purposes.

Using OpenSSL to generate self-signed certificate

OpenSSL is open source software that can be used to support SSL/TLS in your application. You can download OpenSSL for Windows here. The software contains a set of utilities to generate SSL certificates.

Step 1: Generate the Certificate signing request

C:\>openssl req -x509 -days 1000 -newkey rsa:2048 -keyout sjkey.pem -out sjcert.pem

Enter a pass phrase that you can remember. You will need it again later.

You need to enter the following details. As this is a test certificate, you can enter any values here.

  1. State or Province Name (full name) [Some-State]:
  2. Locality Name (eg, city) []:
  3. Organization Name (eg, company) [Internet Widgits Pty Ltd]:
  4. Organizational Unit Name (eg, section) []:
  5. Common Name (e.g. server FQDN or YOUR name) []:
  6. Email Address []:

This will generate two files:

  1. sjkey.pem - Contains your private key
  2. sjcert.pem - Contains your public key certificate

Step 2: Export the keys to PFX

C:\>openssl pkcs12 -export -in sjcert.pem -inkey sjkey.pem -out sj-test-cert.pfx

You will need to enter the passphrase that was provided earlier while generating the key files in the first step.

The PFX file needs to have a password, as it contains confidential information. You will be asked for a password in this step.

This will create a file sj-test-cert.pfx in the PFX format that contains both the private and public keys.

Step 3: Create Public key certificate from PFX

C:\>openssl pkcs12 -in sj-test-cert.pfx -clcerts -nokeys -out sj-test-cert-public.pem

This will export only the public key certificate to a file named sj-test-cert-public.pem.
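The three steps above run end to end without interactive prompts, followed by the checks a practitioner would want afterwards: that the certificate really is self-signed (issuer equals subject), that the certificate you hand out matches the private key, and that the shareable file carries no private key. This is an added example, not the original post's commands; it assumes the openssl binary is on PATH and uses a placeholder passphrase and subject.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes openssl is on PATH.
# The passphrase and subject below are placeholders for testing only.
set -eu

WORK="${WORK:-$(mktemp -d)}"
PASS="changeit"   # placeholder passphrase; choose a real one outside of testing

make_self_signed() {
  # Step 1: private key + self-signed certificate in one call (-x509 skips the CSR stage)
  openssl req -x509 -days 1000 -newkey rsa:2048 \
    -keyout "$WORK/sjkey.pem" -out "$WORK/sjcert.pem" \
    -passout "pass:$PASS" \
    -subj "/C=US/ST=Test-State/L=Test-City/O=Example Org/OU=Testing/CN=test.example.invalid" \
    2>/dev/null
  # Step 2: bundle key + certificate into a password-protected PFX
  openssl pkcs12 -export -in "$WORK/sjcert.pem" -inkey "$WORK/sjkey.pem" \
    -out "$WORK/sj-test-cert.pfx" -passin "pass:$PASS" -passout "pass:$PASS"
  # Step 3: extract only the public certificate from the PFX
  openssl pkcs12 -in "$WORK/sj-test-cert.pfx" -clcerts -nokeys \
    -out "$WORK/sj-test-cert-public.pem" -passin "pass:$PASS"
}

check_self_signed() {
  # Self-signed means issuer and subject are the same distinguished name
  issuer=$(openssl x509 -in "$WORK/sj-test-cert-public.pem" -noout -issuer)
  subject=$(openssl x509 -in "$WORK/sj-test-cert-public.pem" -noout -subject)
  [ "${issuer#issuer=}" = "${subject#subject=}" ]
}

check_key_matches_cert() {
  # The public key inside the exported certificate must match the private key
  k=$(openssl pkey -in "$WORK/sjkey.pem" -passin "pass:$PASS" -pubout 2>/dev/null | openssl sha256)
  c=$(openssl x509 -in "$WORK/sj-test-cert-public.pem" -pubkey -noout | openssl sha256)
  [ "$k" = "$c" ]
}

check_public_file_has_no_key() {
  # The file meant for sharing must not carry any private key block
  ! grep -q "PRIVATE KEY" "$WORK/sj-test-cert-public.pem"
}

make_self_signed
check_self_signed
check_key_matches_cert
check_public_file_has_no_key
echo "all checks passed; files are in $WORK"
```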

Conclusion

At the end of these steps we have two files that need to be stored. The PFX file contains the private and public key; it must be stored securely, and the password used to encrypt it should not be shared. This PFX file is used for signing the content. The public key file generated in the last step contains the public key certificate that has to be shared with others who need to verify the content signed by you. Because no CA vouches for a self-signed certificate, browsers and other clients will not trust it unless they are explicitly configured to do so, which is why it is suited to testing rather than production use.

Hope this information was useful to you. Please let me know if you have any questions that I can answer.
