Creating a self-signed certificate
In certain contexts, obtaining a certificate from a third-party certificate authority (CA) is unnecessary. In these cases, you can create a self-signed certificate.
About this task
A self-signed certificate consists of a public/private key pair and a certificate for the public key that is signed by the private key. It is also known as a root certificate because it can be used to create a Certificate Authority.
Self-signed certificates can also be used in simple scenarios when both the client and the server are known to each other and can exchange certificates securely out-of-band.
The following steps describe how to create a self-signed certificate with the OpenSSL toolkit and openssl commands. However, you can use a different key management tool of your choice.
To generate a self-signed certificate:
Procedure
- Open the openssl command line to create and initialize a new PKCS12 key store.
- Create a new self-signed certificate:
  openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj /CN=MyHost.com
- Create a PKCS12 file:
  openssl pkcs12 -export -in cert.pem -inkey key.pem -out myfile.p12 -name "Alias of cert"
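
The procedure above run end to end, followed by checks on its outputs: the certificate is self-signed, the private key matches it, the PKCS12 file holds the same certificate under the alias, and the unencrypted key is readable only by its owner. This is an added example, not code from the original page; the function names, the WORK directory and the P12_PASS variable (a constructed demo password, passed through the environment so the export step does not prompt) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Hypothetical names: the functions,
# WORK, and P12_PASS (a constructed demo password; the page does not set one).
export P12_PASS="${P12_PASS:-constructed-demo-password}"

make_selfsigned() {            # $1 = output dir, $2 = CN
    ( cd "$1" && umask 077 &&  # -nodes leaves key.pem unencrypted: keep it owner-only
      openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem \
          -days 365 -nodes -subj "/CN=$2" 2>/dev/null &&
      openssl pkcs12 -export -in cert.pem -inkey key.pem -out myfile.p12 \
          -name "Alias of cert" -passout env:P12_PASS )
}

is_self_signed() {             # issuer == subject, and the cert verifies against itself
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

key_matches_cert() {           # $1 = private key, $2 = cert: compare public keys
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

p12_holds_cert() {             # $1 = .p12, $2 = cert: same cert, stored under the alias
    bag=$(openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null) || return 1
    printf '%s\n' "$bag" | grep -q 'friendlyName: Alias of cert' || return 1
    [ "$(printf '%s\n' "$bag" | openssl x509 -noout -fingerprint -sha256)" = \
      "$(openssl x509 -in "$2" -noout -fingerprint -sha256)" ]
}

key_is_private() {             # no group/other permission bits on the key file
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

WORK=$(mktemp -d)
make_selfsigned "$WORK" MyHost.com &&
    is_self_signed "$WORK/cert.pem" &&
    key_matches_cert "$WORK/key.pem" "$WORK/cert.pem" &&
    p12_holds_cert "$WORK/myfile.p12" "$WORK/cert.pem" &&
    key_is_private "$WORK/key.pem" &&
    echo "all checks passed in $WORK"
```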