All Snippets
Generate Self-Signed SSL Certificate
Create a self-signed TLS certificate for local development or internal services using OpenSSL.
Self-signed certificates are useful for local development, internal tools, and testing environments where you don't need a CA-signed cert.
One-liner: key + cert in one commandbash
| 1 | openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj "/CN=localhost" |
Flags breakdown:
What each flag doestext
| 1 | -x509 Output a self-signed certificate instead of a CSR |
| 2 | -newkey rsa:4096 Generate a new 4096-bit RSA key |
| 3 | -keyout key.pem Write the private key here |
| 4 | -out cert.pem Write the certificate here |
| 5 | -sha256 Use SHA-256 for signing |
| 6 | -days 365 Valid for one year |
| 7 | -nodes No passphrase on the private key |
| 8 | -subj "/CN=..." Set the Common Name (skip interactive prompts) |
With Subject Alternative Names (SAN)bash
| 1 | openssl req -x509 -newkey rsa:4096 \ |
| 2 | -keyout key.pem -out cert.pem \ |
| 3 | -sha256 -days 365 -nodes \ |
| 4 | -subj "/CN=myapp.local" \ |
| 5 | -addext "subjectAltName=DNS:myapp.local,DNS:*.myapp.local,IP:127.0.0.1" |
Never use self-signed certificates in production for public-facing services. Use Let's Encrypt or your organization's internal CA instead.