Create a self-signed SSL Certificate with OpenSSL


Lots of thanks to Mike Solomon for his post on how to create self-signed ssl certs.

I had some changes I wanted which I’m putting here for me to copy and paste easily as well as to help anyone else who might use it.

I prefer to export a name of what site I’m generating the cert for in the file so they’re slightly grouped and I changed his commands to use an enviroment variable I set in my example to ‘cmpis’.


export DOMAIN=""
openssl genrsa -out ${DOMAIN}.key 2048
openssl req -new -sha512 -key ${DOMAIN}.key -out ${DOMAIN}.csr
openssl req -x509 -sha512 -days 365 -key ${DOMAIN}.pem -in ${DOMAIN}.csr -out ${DOMAIN}.crt
openssl req -in ${DOMAIN}.csr -text -noout | grep -i "Signature.*SHA512" && echo "All is well" || echo "This certificate will stop working in 2017! You must update OpenSSL to generate a widely-compatible certificate"

Again, Thanks mike!

Any issues or suggestions? Tell me on github.