Knowledge
  • Read Me
  • Programming
    • ASP.NET
      • .NET Libraries
      • ASP.NET Core
        • Helper
          • Encryption
          • CSV Helper
          • String Helper
        • Logging
          • Simple Serilog
        • Middlewares
          • IP Restrictions
          • Request Throttling
          • Request Logging
        • Console
          • Command Line with arguments
        • JSON
      • ASP.NET Framework
      • Testing
        • Resources
        • xUnit.net
      • Naming Conventions
      • REST API Guidelines
    • Database
      • SQL Style Guide
      • MSSQL
        • Installation
          • Install MSSQL on MacOS M1 (ARM64)
        • Looping
        • Table Valued Functions
        • Session State
        • SQL Cheat Sheet
        • Export Pipe Delimited CSV With cmdshell
      • Redis
        • Redis Installation on Mac OS
        • Redis Installation on Docker
    • Java
      • AWS SDK - SSM
      • mTLS HTTP Connection
      • Read Resource Files
    • Javascript
      • Javascript Libraries
    • Python
    • OpenSSL
      • One Way SSL & Two Way SSL
      • Common OpenSSL Commands
      • Create Self-Signed Certificate
    • Misc
      • Git Commands
      • Windows Commands
      • PowerShell Commands
      • Vulnerabilities Dependency Check
      • Replace Filename Command
      • JSON Web Token (JWT)
      • Rabbit MQ Message-Broker
      • Pandoc Convert Document
  • DevOps
    • What is DevOps
    • CI & CD
    • Azure DevOps
  • Tools
    • Development Tools
Powered by GitBook
On this page
  • Create Key With Openssl
  • Selfsigned certificate for local SSL usage
  • Simple steps to create self-signed certificate
  • Reference

Was this helpful?

  1. Programming
  2. OpenSSL

Create Self-Signed Certificate

PreviousCommon OpenSSL CommandsNextMisc

Last updated 4 years ago

Was this helpful?

Create Key With Openssl

This example is using openssl command on Ubuntu. If you are using Windows then you can use alternative tools, such as:

  • Install

  • Install that support for openssl commands.

To generate the key we will be using openssl on Ubuntu. We start firt by generating the private key myapp.key and public certificate myapp.crt:

openssl req -x509 -newkey rsa:4096 -keyout myapp.key -out myapp.crt -days 3650 -nodes -subj "/CN=myapp"

We name .key and .crt to follow the convention used in ssl for certificates which can be found under /etc/ssl/(private|certs). Next we combine them into a key myapp.pfx usable by dotnet:

openssl pkcs12 -export -out myapp.pfx -inkey myapp.key -in myapp.crt -name "Localhost HTTPS development"

The resulting myapp.pfx is the file which can be used to instantiate a X509Certificate2 object we needed.

If we already have a .pfx and want to extract the private key myapp.key and public key myapp.crt:

openssl pkcs12 -in key.pfx -nocerts -out myapp.key -nodes
openssl pkcs12 -in key.pfx -nokeys -out myapp.crt

Selfsigned certificate for local SSL usage

Just like how we created a key to be used for signing credentials, it is possible to use openssl to create selfsigned certificate to be used for SSL.

openssl req -x509 -newkey rsa:4096 -keyout localhost.key -out localhost.crt -days 3650 -nodes -subj "/CN=localhost"

openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt -name "Localhost selfsigned certificate"

Simple steps to create self-signed certificate

Using commands below to generate private.key, .csr, self-signed-crt, keyStore.pfx, certificate.pem

# Generate new private key and csr, with blank password
openssl req -new -newkey rsa:2048 -nodes -keyout privateKey.key -out CSR.csr 

# Generate self-signed cert 
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

# Convert privateKey & certificate to keyStore pfx, with friendly alias name = "1", with blank keyStore password
openssl pkcs12 -export -out keyStore.pfx -inkey privateKey.key -in certificate.crt -name "1"

# Convert pfx to pem
openssl pkcs12 -in keyStore.pfx -out certificate.pem -nodes

Reference

OpenSSL - Installation under Windows
Cmder | Console Emulator
Self Signed Certificate