81

How to easily create self signed SSL certificate for testing purposes?

Dima Stopel
  • 2,427
  • 2
  • 17
  • 12
  • Please use the search, this should have been asked and answered already, if not search the other stackoverflow Q&A sites, too please // close-votes but nobody suggested a duplicate - there ain't one? – hakre Jan 10 '13 at 23:47

1 Answers1

124

You can do this via openssl:

  1. Install openssl package (if you are using Windows, download binaries here).

  2. Generate private key: openssl genrsa 2048 > private.pem

  3. Generate the self signed certificate: openssl req -x509 -days 1000 -new -key private.pem -out public.pem

  4. If needed, create PFX: openssl pkcs12 -export -in public.pem -inkey private.pem -out mycert.pfx

Chris Stryczynski
  • 30,145
  • 48
  • 175
  • 286
Dima Stopel
  • 2,427
  • 2
  • 17
  • 12
  • 34
    As a one-liner: openssl req -new -x509 -nodes -out server.crt -keyout server.key – Alex Mar 19 '14 at 20:24
  • 2
    Must add -sha256 to avoid more errors – Alex G Sep 24 '16 at 19:43
  • 4
    The link to the Windows binaries above doesn't work anymore. Openssl.org does not provide any binaries themselves but the do offer a list to binaries in their [wiki](https://wiki.openssl.org/index.php/Binaries). – klaas Oct 11 '16 at 15:41
  • You can download cygwin for openssl for windows and check openssl from tools. – user1626116 Mar 13 '17 at 23:48
  • 5. `openssl pkcs12 -in mycert.pfx -out mycert.pem -nodes` to create mycert.pem certificate (for example needed by jupyter) from .pfx, as according to [this document.](http://webhelp.evisions.com/HelpFiles/MAPS/en/Content/OpenSSL%20Certificates.htm) – macieksk Jan 04 '18 at 16:05
  • 7
    For Windows users: **Git Bash** includes `openssl`. *I thick Git is one of must have things in developer's system* ^) – kyb Jan 30 '18 at 21:40
  • 1
    For windows, you could find it at "C:\Program Files\Git\usr\bin\openssl.exe" – John Jang Oct 12 '20 at 00:48
  • On Win10 I was running this from git bash -- Generating public works. Attempting to generate pfx seemed to hang. It's related to git bash problem when getting password -- the fix is to prefix openssl command with $ winpty openssl... See https://stackoverflow.com/questions/34156938/openssl-hangs-during-pkcs12-export-with-loading-screen-into-random-state for more info. – raddevus May 05 '21 at 14:39
  • 1
    If the `openssl` command hangs, try do `winpty openssl ...`. – Val Aug 31 '21 at 01:59
  • On my local development machine with Windows and Visual Studio I use the IIS Express Development Certificate for deployment tests on IIS – plykkegaard Mar 05 '23 at 11:07
  • If you encounter encoding errors, use: ```openssl genrsa -out private.pem 2048``` instead of the first command. – Suleyman OZ May 03 '23 at 10:53