Create X509 Certificate Online Private Key Selection Generate New Private Key Generate Certificate using user Private key
  Hostname or your full name : (CN*) Common Name, usually the web server hostname or your name.
    Organization/Company : (O) For example, 8gWifi Corporation
    Department : (OU) Your division or department.
    Email : (E) Usually specified for an email or SMIME user certificate
 City/Local : (L) For example, India
 State : (ST) For example, California
    Country :
    Expiration :
 Alt_Names : Comma Separated Alternative Name
x509 Certificate Version v3 v2
User Private Key

Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency
Reader Offer The Modern Cryptography CookBook for Just $9 Avail Discount coupon first 100 reader. No hurry read the sample chapters here first

Self-Signed Certificate

A public-key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the data, but does not guarantee the authenticity of the information. The trust of self-signed certificates is based on the secure procedures used to distribute them. 
Source(s): NIST SP 800-57 Part 1 Rev. 3 

  A public-key certificate whose digital signature may be verified by the public key contained within the certificate. The signature on a self-signed certificate protects the integrity of the data, but does not guarantee authenticity of the information. The trust of self-signed certificates is based on the secure procedures used to distribute them. 
Source(s): NIST SP 800-57 Part 3 Rev. 1 

OpenSSL Commands

  • Generate a new private key and Certificate Signing Request
    openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privatekey.key
  • Generate a self-signed certificate 
    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privatekey.key -out certificate.crt
  • Generate a certificate signing request (CSR) for an existing private key
    openssl req -out CSR.csr -key privatekey.key -new
  • Generate a certificate signing request based on an existing certificate
    openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privatekey.key
  • Remove a passphrase from a private key
    openssl rsa -in privateKey.pem -out newprivatekey.pem
  • Convert a DER file (.crt .cer .der) to PEM
    openssl x509 -inform der -in certificate.cer -out certificate.pem
  • Convert a PEM file to DER
    openssl x509 -outform der -in certificate.pem -out certificate.der
  • Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
    openssl pkcs12 -in keyStore.pfx -out keystore.pem -nodes

    You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

  • Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)
    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile