Make a Private/Public Key Pair, Self Signed, No Password

This is take straight from http://devsec.org/info/ssl-cert.html. I’m getting it on my blog, as a reference to myself, so I can make a key pair quickly in the future.

Make a new ssl private key:

* Generate a new unencrypted rsa private key in PEM format:

openssl genrsa -out privkey.pem 2048

You can create an encrypted key by adding the -des3 option.

#
To make a self-signed certificate:

* Create a certificate signing request (CSR) using your rsa private key:

openssl req -new -key privkey.pem -out certreq.csr

( This is also the type of CSR you would create to send to a root CA for them to sign for you. )

* Self-sign your CSR with your own private key:

openssl x509 -req -in certreq.csr -signkey privkey.pem -out newcert.pem

185 thoughts on “Make a Private/Public Key Pair, Self Signed, No Password”

Comments are closed.