SSL Certificate Generator
Create a self-signed SSL certificate for internal or personal use.
Use this tool to create a certificate signing request, private key,
and self-signed SSL certificate.
The signing request can be submitted to a certificate authority (CA) to generate a trusted certificate for the private key, or use the key and certificate on a server that doesn't need to have a trusted certificate signed by a CA.
Certificates and keys are generated using OpenSSL 1.1.1u 30 May 2023 in memory and sent directly to your browser over TLS. Usage of this tool is not logged. None of the information used to create certificates is logged or saved, nor are any of the generated CSR's, certificates, or private keys.
OpenSSL Command Cheat Sheet
RSA Certificate Commands
Create new certificate signing request and private key (4096 bit RSA)
openssl req -new -outform PEM -nodes -keyout server.key -newkey rsa:4096 -out server.csr
Generate a self-signed certificate valid for 2 years with a 4096 bit private key
openssl req -x509 -nodes -days 730 -newkey rsa:4096 -keyout server.key -out server.crt
EC Certificate Commands
Get a list of available curve names for ECC
openssl ecparam -list_curves
Create new 256-bit Elliptic Curve private key
openssl ecparam -out server.key -name prime256v1 -genkey
Create new 384-bit Elliptic Curve private key
openssl ecparam -out server.key -name secp384r1 -genkey
Generate a new certificate signing request using the ECC key
openssl req -new -sha256 -key server.key -out server.csr
Generate a self-signed certificate valid for 2 years using the ECC key
openssl req -x509 -sha256 -days 730 -key server.key -in server.csr -out server.crt