How to Create Self-Signed SSL using OpenSSL
01/02/2019 by admin

Why is OpenSSL the best option for creating Self-Signed SSL?

SSL certificates have been around for more than a decade now, but it was only recently, when Google made them indispensable, that everyone started thinking about them. An SSL certificate is not a Google product but a means of encrypting all data that is transmitted through your site. SSL certificates are making the world a better place one website at a time.


Secure Sockets Layer addresses these security concerns and allows webmasters to do business online without being threatened or challenged. Unauthorized personnel, hackers and data thieves are going to have a hard time attacking and stealing data from sites secured with SSL certificates.


In this detailed article, we will go through each step of creating self-signed certificates and understand their importance as well. Follow this guide and you can create a self-signed certificate using OpenSSL within an hour or two.


There are varied aspects of an SSL certificate; in this article we are going to look at the creation of a self-signed SSL certificate with the help of OpenSSL:

What is OpenSSL and how is it used?

OpenSSL, in the simplest terms, is an open source toolkit for working with SSL and TLS. Keeping up with security in the modern world is essential for a business to move forward and acquire a large audience base. What OpenSSL does is add extra security to the common communication layer of a website, making it far more secure.


It is used on local computers to generate self-signed SSL certificates. Let's go through the steps involved in creating a self-signed certificate:


Step 1: Generate a Private Key

You will need to open the OpenSSL tool to create a private key. Along with the private key you will also have to create a certificate signing request. Developers around the world also use this tool to create certificates for test pages. Testing a page before deploying it online is an important task that needs to be executed precisely.


Creating an RSA Private Key:

  • The key is generally 1024 bit, but it is always recommended to create a 2048-bit RSA key because it provides the requisite strength. A key that does not provide adequate encryption is of no use and provides no benefit to the site.
  • 1024 bits is too small to provide adequate protection, hence 2048 bits is the recommended size.


Now open OpenSSL and enter one of the following commands at its prompt. The first creates a 1024-bit key; the second creates the recommended 2048-bit key:

OpenSSL> genrsa -des3 -out server.key 1024
OpenSSL> genrsa -des3 -out server.key 2048

Now, when you press ENTER you will be asked to enter a pass phrase for server.key. Enter a pass phrase of your choice and do not forget it. The pass phrase encrypts the private key file (the -des3 option) and will be needed later whenever the key is used.


Loading 'screen' into random state - done
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for server.key:

Note: It is important to make a note of the pass phrase because it will be required in the later steps.


Step 2: Generate a Certificate Signing Request:

Only after generating a private key can we move ahead to create a Certificate Signing Request (CSR). The request generated here can be sent to a Certificate Authority, which is responsible for making the certificate authentic. The authority verifies the request and issues a certificate that you can use. Authorities like Verisign are the ones who generally verify and sign these requests.


Now, it is time to create the certificate signing request for the private key we generated. The general form of the command is as follows:

req -new -key private_key_file_name.key -sha256 -out csr_file_name.csr

  a) Enter the following command at the prompt:

OpenSSL> req -new -key server.key -sha256 -out server.csr

  b) This command prompts for the following X.509 attributes of the certificate.

The generated server.csr can now be sent to a Certificate Authority like Verisign for verification. You are also allowed to self-sign it and use it, but do not forget to test the page a few times to see that it is working properly.


Step 3: Creating a Self-Signed Certificate

Let's get to the creation of the self-signed certificate, which saves you from getting it signed by a certificate authority. You can rely on these self-signed certificates for 365 days without any trouble. Do not forget to renew it every year on your own.


  1. To create a self-signed certificate using OpenSSL, use the following command:
    OpenSSL> x509 -req -days 365 -in server.csr -signkey server.key -sha256 -out server.crt
    Signature ok
    Getting Private key
    Enter pass phrase for server.key:
  2. Here you will be prompted to enter the pass phrase you created in the first step.

Your server.crt is generated.

Step 4: Converting CRT to PEM Format

It is important to convert the CRT to PEM because PEM is the format that the software reading the certificate expects. Here's a step-by-step guide to do it:


  1. Enter the following command in OpenSSL:

OpenSSL> x509 -in server.crt -out server.pem -outform PEM

The format is now changed and is all set for you to use.
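
The four steps above can also be run unattended from a shell and then checked. The script below is an added example, not part of the original article: the file names follow the article, while the KEY_PASS environment variable, the helper function names and the test.example.invalid name are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: steps 1-4 run unattended, then checked. File names follow the
# article; KEY_PASS, the helper names and the CN are assumptions.

make_selfsigned() (   # usage: make_selfsigned DIR COMMON_NAME (KEY_PASS exported)
    umask 077         # subshell body: new key files are owner-readable only
    cd "$1" &&
    # Step 1: 2048-bit RSA key, encrypted with the pass phrase in $KEY_PASS
    openssl genrsa -des3 -passout env:KEY_PASS -out server.key 2048 2>/dev/null &&
    # Step 2: CSR; -subj answers the X.509 attribute prompts
    openssl req -new -key server.key -passin env:KEY_PASS -sha256 \
        -subj "/CN=$2" -out server.csr &&
    # Step 3: sign the CSR with its own key, valid for 365 days
    openssl x509 -req -days 365 -in server.csr -signkey server.key \
        -passin env:KEY_PASS -sha256 -out server.crt 2>/dev/null &&
    # Step 4: PEM copy (x509 already writes PEM unless told otherwise)
    openssl x509 -in server.crt -out server.pem -outform PEM
)

key_matches_cert() {  # KEY CERT: the pair belongs together if the moduli match
    k=$(openssl rsa -in "$1" -passin env:KEY_PASS -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

is_self_signed() {    # CERT: issuer and subject names hash to the same value
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null)
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)
    [ -n "$s" ] && [ "$s" = "$i" ]
}

cert_key_bits() {     # CERT: prints the public key size in bits
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

valid_in_days() {     # CERT DAYS: true if CERT has not expired DAYS from now
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo with constructed values in a throwaway directory
demo=$(mktemp -d); KEY_PASS='constructed-demo-passphrase'; export KEY_PASS
make_selfsigned "$demo" test.example.invalid &&
    key_matches_cert "$demo/server.key" "$demo/server.crt" &&
    is_self_signed "$demo/server.crt" && valid_in_days "$demo/server.crt" 364 &&
    echo "server.crt: self-signed, $(cert_key_bits "$demo/server.crt")-bit key"
rm -rf "$demo"
```

Passing the pass phrase through an environment variable keeps it out of the process argument list; valid_in_days with 366 fails for a fresh certificate, which is the yearly renewal deadline mentioned in Step 3.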

SSL is no longer a privilege but a necessity for businesses; any enterprise that wants to sell online or engage with customers over the Internet needs to acquire certificates. While businesses are required to do so, small-scale organizations and bloggers can rely on self-signed certificates to acquire the requisite security against harmful threats from data hackers or thieves.


This self-signed certificate costs nothing but is of great use. With the security layer in place, data is transmitted only after being encrypted, and it can only be decrypted by entities with the private key. The overall procedure of creating a self-signed SSL certificate using OpenSSL is quite easy and very useful. One can rely on these options for building a better site with the requisite security in it.
