search

Create Self-Signed Certificate

hashtag
Create Key With Openssl

This example is using openssl command on Ubuntu. If you are using Windows then you can use alternative tools, such as:

To generate the key we will be using openssl on Ubuntu. We start firt by generating the private key myapp.key and public certificate myapp.crt:

openssl req -x509 -newkey rsa:4096 -keyout myapp.key -out myapp.crt -days 3650 -nodes -subj "/CN=myapp"

We name .key and .crt to follow the convention used in ssl for certificates which can be found under /etc/ssl/(private|certs). Next we combine them into a key myapp.pfx usable by dotnet:

openssl pkcs12 -export -out myapp.pfx -inkey myapp.key -in myapp.crt -name "Localhost HTTPS development"

The resulting myapp.pfx is the file which can be used to instantiate a X509Certificate2 object we needed.

If we already have a .pfx and want to extract the private key myapp.key and public key myapp.crt:

openssl pkcs12 -in key.pfx -nocerts -out myapp.key -nodes
openssl pkcs12 -in key.pfx -nokeys -out myapp.crt

hashtag
Selfsigned certificate for local SSL usage

Just like how we created a key to be used for signing credentials, it is possible to use openssl to create selfsigned certificate to be used for SSL.

openssl req -x509 -newkey rsa:4096 -keyout localhost.key -out localhost.crt -days 3650 -nodes -subj "/CN=localhost"

openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt -name "Localhost selfsigned certificate"

hashtag
Simple steps to create self-signed certificate

Using commands below to generate private.key, .csr, self-signed-crt, keyStore.pfx, certificate.pem

hashtag
Reference

PreviousCommon OpenSSL CommandsNextMisc

Last updated