Generate X.509 Certificate (Self Signed)


User Private Key
v3 v2



Thanks for using this software, for Cofee/Beer/Amazon bill and further development of this project please Share.

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency

Asking for donation sound bad to me, so i'm raising fund from by offering all my Nine book for just $9



Self-Signed Certificate

A public-key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the data, but does not guarantee the authenticity of the information. The trust of self-signed certificates is based on the secure procedures used to distribute them. Source(s): NIST SP 800-57 Part 1 Rev. 3

OpenSSL Commands

  • Generate a new private key and Certificate Signing Request

    openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privatekey.key

  • Generate a self-signed certificate

    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privatekey.key -out certificate.crt

  • Generate a certificate signing request (CSR) for an existing private key

    openssl req -out CSR.csr -key privatekey.key -new

  • Generate a certificate signing request based on an existing certificate

    openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privatekey.key

  • Remove a passphrase from a private key

    openssl rsa -in privateKey.pem -out newprivatekey.pem

  • Convert a DER file (.crt .cer .der) to PEM

    openssl x509 -inform der -in certificate.cer -out certificate.pem

  • Convert a PEM file to DER

    openssl x509 -outform der -in certificate.pem -out certificate.der

  • Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

    openssl pkcs12 -in keyStore.pfx -out keystore.pem -nodes

    You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

  • Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile

The Modern Cryptography Book

Kubernetes for DevOps

Cryptography for Python Developers

Cryptography for JavaScript Developers

Go lang Cryptography for Developers