Generate certificates with OpenSSL

OpenSSL powers the internet through the use of encryption between networks and computers. This helps keep our data secure from eavesdropping and abuse from malicious actors. It also include utilities so that you can generate certificates and keys for authentication as well as signing. We will be going through the process of generating certificates.

Generate certificates

The process can be pretty straightforward and can be completed with just a single shell command. When we’re done, you will have a certificate and a private key to use for securing your connection. First off, let’s generate a private key and certificate together.

Private keys will be used to identify our certificate. Without them, there’s no way you can use your certificate to encrypt/decrypt data back and forth. I will start by typing the following into the shell terminal:

openssl req -new -sha256 -keyout key.pem -x509 -nodes -out cert.pem -days 1000

Here, we are creating a new private key to be used with our certificate. The -sha256 will encrypt our private key’s algorithm with the sha256 cipher. This is considered to be strong enough and is unlikely to be deciphered. I have also applied the -nodes argument which tells OpenSSL not to create a password for our private key and certificate.

-x509 will now serve as our certificate and -days 1000 will keep the certificate from expiring 1000 days from now.

Generate certificates

You will now be asked to fill out some information pertaining to the certificate. I have decided not to fill out any details as I will be using this as a self-signed certificate. Feel free to do so.

Note: For Common Name, type in the domain that you will be using if you’re planning to use this with HTTPS .

Both key.pem and cert.pem have now been placed in your current directory. We are now going to combine the both into one file by doing the following:

cat key.pem cert.pem > certificate.pem

I have made it so that cat takes the output of both files and puts them into a new one called certificate.pem. You can also display your completed certificate.

View certificate information

I will now run the following shell commands to display the contents of our new certificate:

openssl x509 -in certificate.pem -noout -text

You will now see information such as expiration, and what you’ve put in earlier as well as algorithm information.

You are now ready to use your certificate!