Generate X.509 Certificate (Self Signed)


User Private Key
v3 v2



Your Support Matters!

Instead of directly asking for donations, I'm thrilled to offer you all nine of my books for just $9 on leanpub By grabbing this bundle you not only help cover my coffee, beer, and Amazon bills but also play a crucial role in advancing and refining this project. Your contribution is indispensable, and I'm genuinely grateful for your involvement in this journey!

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency



Self-Signed Certificate

A public-key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the data, but does not guarantee the authenticity of the information. The trust of self-signed certificates is based on the secure procedures used to distribute them. Source(s): NIST SP 800-57 Part 1 Rev. 3

OpenSSL Commands

  • Generate a new private key and Certificate Signing Request

    openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privatekey.key

  • Generate a self-signed certificate

    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privatekey.key -out certificate.crt

  • Generate a certificate signing request (CSR) for an existing private key

    openssl req -out CSR.csr -key privatekey.key -new

  • Generate a certificate signing request based on an existing certificate

    openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privatekey.key

  • Remove a passphrase from a private key

    openssl rsa -in privateKey.pem -out newprivatekey.pem

  • Convert a DER file (.crt .cer .der) to PEM

    openssl x509 -inform der -in certificate.cer -out certificate.pem

  • Convert a PEM file to DER

    openssl x509 -outform der -in certificate.pem -out certificate.der

  • Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

    openssl pkcs12 -in keyStore.pfx -out keystore.pem -nodes

    You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

  • Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile