Generate self-signed SSL certificate in one line

Published on April 05, 2015

As a web developer or website owner, you may sometimes need to generate and test your web application using self-signed SSL certificates before buying commercial SSL certificates. Generating self-signed certificates is an easy process. In fact, it's a one-step process.

We will use SHA256 with RSA 2048 encryption. The certificate will be valid for 1 year.

To generate the certificate and key, run this:

openssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout server.key -out server.crt

If you want to include your name or your company name, run this:

openssl req -subj '/ John/C=US' -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout server.key -out server.crt

Now, you have the certificate server.crt and key server.key. Copy them to a new directory ssl under the web server root directory.

If you use Nginx, here's a sample nginx.conf block:

server {
    listen      443 ssl;
    server_name localhost;
    root   html;

    ssl on;
    ssl_certificate     /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

If you use Apache web server, here's a sample apache2.conf (or httpd.conf):

    DocumentRoot html
    ServerName localhost
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

Disable https warning from Chrome

When you navigate to https://localhost, on some browsers like Chrome, you get this Not Secure warning. You can disable it in Chrome by following these steps:

1) Open Chrome and enter this in the address bar


You will see this on the top:

Allow invalid certificates for resources loaded from localhost. Mac, Windows, Linux, Chrome OS, Android
Allows requests to localhost over HTTPS even when an invalid certificate is presented. #allow-insecure-localhost

2) Then, enter this in the address bar


Enter localhost in the Domain field.

Restart Chrome and go back to https://localhost. Hopefully, it should not show the No Secure warning.

Table of Contents

If you have any questions, please contact me at arulbOsutkNiqlzziyties@gNqmaizl.bkcom. You can also post questions in our Facebook group. Thank you.

Disclaimer: Our website is supported by our users. We sometimes earn affiliate links when you click through the affiliate links on our website.

Published on April 05, 2015