Sometimes you just need a quick and dirty TLS Certificate to test something or to help you set up a lab. Here are a couple of one-liners that have got me out of trouble more times than I can count…

Use OpenSSL to create a Self Signed Certificate:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

Running this command launches a small wizard that asks you for details about the Certificate. As this is a self-signed certificate, the details probably don’t matter much. The one to get right, though, is the ‘Common Name’. This should generally match the hostname or identity of the thing you’re going to apply the Certificate to.

This particular example creates an x509 Certificate with a 4096-bit RSA key and a SHA256 signature that’s valid for 365 days.

The output from the command is two files, one containing the certificate (which carries the public key) and one containing the private key. The certificate in this example is called ‘cert.pem’ and the private key is called ‘key.pem’.

Use OpenSSL to merge separate public and private keys into a single PKCS12 Certificate:

openssl pkcs12 -export -out keyStore.p12 -inkey key.pem -in cert.pem

Running this command will take key.pem (private key) and cert.pem (the certificate with the public key) as inputs and, after asking you to set up an export password, will export a single certificate file that contains the public and private keys. The output file is called keyStore.p12.
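The same two commands run without prompts, with a subjectAltName added and followed by checks that the key, the certificate and the bundle agree. This is an added example, not from the original post; the hostname lab.example.test, the LAB_KEY_PASS and LAB_P12_PASS variables and the function names are assumptions, and -addext and -ext need OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post). Needs OpenSSL 1.1.1+ for -addext and -ext.
# Passphrases come from the environment so nothing prompts; the defaults are constructed lab values.
export LAB_KEY_PASS="${LAB_KEY_PASS:-constructed-key-pass}"
export LAB_P12_PASS="${LAB_P12_PASS:-constructed-p12-pass}"

# make_lab_cert <hostname> <dir> [rsa-bits]: the request from the post, plus a subjectAltName,
# because current TLS clients match the hostname against SAN rather than the Common Name.
make_lab_cert() {
    ( umask 077   # files created here are readable by the owner only
      openssl req -x509 -newkey "rsa:${3:-4096}" -sha256 -days 365 \
          -keyout "$2/key.pem" -out "$2/cert.pem" -passout env:LAB_KEY_PASS \
          -subj "/CN=$1" -addext "subjectAltName=DNS:$1" )
}

# make_p12 <dir>: bundle key.pem and cert.pem into keyStore.p12.
make_p12() {
    ( umask 077
      openssl pkcs12 -export -out "$1/keyStore.p12" -inkey "$1/key.pem" \
          -in "$1/cert.pem" -passin env:LAB_KEY_PASS -passout env:LAB_P12_PASS )
}

# key_matches_cert <dir>: the public half of key.pem equals the key inside cert.pem.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/key.pem" -passin env:LAB_KEY_PASS -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# cert_has_san <dir> <hostname>: the certificate lists exactly this DNS name in its SAN.
cert_has_san() {
    openssl x509 -in "$1/cert.pem" -noout -ext subjectAltName \
        | tr ',' '\n' | tr -d ' ' | grep -qFx "DNS:$2"
}

# p12_holds_cert <dir>: the certificate in the bundle has the same SHA-256 fingerprint as cert.pem.
p12_holds_cert() {
    fp_pem=$(openssl x509 -in "$1/cert.pem" -noout -fingerprint -sha256) || return 1
    fp_p12=$(openssl pkcs12 -in "$1/keyStore.p12" -passin env:LAB_P12_PASS -nokeys \
        | openssl x509 -noout -fingerprint -sha256) || return 1
    [ "$fp_pem" = "$fp_p12" ]
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_lab_cert lab.example.test "$demo_dir" && make_p12 "$demo_dir" \
    && key_matches_cert "$demo_dir" && cert_has_san "$demo_dir" lab.example.test \
    && p12_holds_cert "$demo_dir" && echo "key, certificate and bundle agree: $demo_dir"
```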
