Create a self-signed SSL cert for 20 years!

I was thinking, if you are making your own cert for internal use or testing, why make it for only a year?

Here’s how to make one that won’t expire for twenty years…

Generate a key:

openssl genrsa -des3 -out test.key 1024

Remove the passphrase:

cp test.key test.key.orig
openssl rsa -in test.key.orig -out test.key

Create the CSR:

openssl req -new -key test.key -out test.csr

Create the 20 year cert:

openssl x509 -req -days 7305 -in test.csr -signkey test.key -out test.crt





Please VOTE for this page at: ADD TO DEL.ICIO.US | ADD TO DIGG | ADD TO FURL | ADD TO NEWSVINE | ADD TO NETSCAPE | ADD TO REDDIT | ADD TO STUMBLEUPON | ADD TO TECHNORATI FAVORITES | ADD TO SQUIDOO | ADD TO WINDOWS LIVE | ADD TO YAHOO MYWEB | ADD TO ASK | ADD TO GOOGLE


3 Comments


  1. For a stronger certificate, generate 2048 bits instead of 1024 on the first line:

    openssl genrsa -des3 -out test.key 2048

    Posted February 25, 2009, 11:07 am

  2. Here’s how to do everything in one line:

    openssl req -x509 -nodes -days 7305 -newkey rsa:2048 -keyout servername.key -out servername.crt

    Posted June 22, 2009, 9:48 am

  3. To view contents of crt:

    openssl x509 -in test.crt -noout -text

    To view contents of csr:

    openssl req -in test.csr -noout -text

    Posted February 11, 2011, 8:47 am

Leave a reply