Generate self-signed certificate with openssl

To generate self-signed certificate for a quick test or for development. If you are looking for getting certificate for production site then I strongly suggest to go for a proper certificate like LetsEncrypt. You can get it easily with certbot.

To generate a self-signed SSL certificate using the OpenSSL, complete the following steps:

  1. Write down the Common Name (CN) for your SSL Certificate. The CN is the fully qualified name for the system that uses the certificate. If you are using Dynamic DNS, your CN should have a wild-card, for example: * Otherwise, use the hostname or IP address set in your Gateway Cluster (for example. or
  2. Run the following OpenSSL command to generate your private key and public certificate. Answer the questions and enter the Common Name when prompted.
    openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
  3. Review the created certificate:
    openssl x509 -text -noout -in certificate.pem
  4. Combine your key and certificate in a PKCS#12 (P12) bundle:
    openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
  5. Validate your P2 file.
    openssl pkcs12 -in certificate.p12 -noout -info
  6. For further tests you can give these commands. All of these commands are optional
    openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
    openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
    openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum

From step 4 all the steps are optional.

Source for these command got from ibm. Not a great source will change it in the future.