All Snippets

Generate Self-Signed SSL Certificate

Create a self-signed TLS certificate for local development or internal services using OpenSSL.

Self-signed certificates are useful for local development, internal tools, and testing environments where you don't need a CA-signed cert.

One-liner: key + cert in one commandbash
1
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj "/CN=localhost"

Flags breakdown:

What each flag doestext
1
-x509        Output a self-signed certificate instead of a CSR
2
-newkey rsa:4096   Generate a new 4096-bit RSA key
3
-keyout key.pem    Write the private key here
4
-out cert.pem      Write the certificate here
5
-sha256            Use SHA-256 for signing
6
-days 365          Valid for one year
7
-nodes             No passphrase on the private key
8
-subj "/CN=..."    Set the Common Name (skip interactive prompts)
With Subject Alternative Names (SAN)bash
1
openssl req -x509 -newkey rsa:4096 \
2
  -keyout key.pem -out cert.pem \
3
  -sha256 -days 365 -nodes \
4
  -subj "/CN=myapp.local" \
5
  -addext "subjectAltName=DNS:myapp.local,DNS:*.myapp.local,IP:127.0.0.1"

Never use self-signed certificates in production for public-facing services. Use Let's Encrypt or your organization's internal CA instead.