How to create a Self Signed Certificate : x509 / P12 : using OpenSSL

Make sure that you have openssl package on your system. You can download it from

Execute Below command:

   openssl req -new -x509 -nodes -out certificate.crt -keyout certificate.key


openssl req -new -x509 -nodes -out certificate.crt -keyout certificate.key

Generating a 1024 bit RSA private key



writing new private key to ‘server.key’


You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter ‘.’, the field will be left blank.


Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]:California

Locality Name (eg, city) []:San Francisco

Organization Name (eg, company) [Internet Widgits Pty Ltd]:TroubleShoot

Organizational Unit Name (eg, section) []:SSL

Common Name (e.g. server FQDN or YOUR name) []:ServerName.DomainName

Email Address []

This will generate certificate.crt (certificate file) and certificate.key (key file)

if you want to Create a P12 (Certificate and key in same file) , run below command:

openssl pkcs12 -export -out certificate.p12 -inkey certificate.key -in certificate.crt