Create a self-signed SSL cert for 20 years!

I was thinking, if you are making your own cert for internal use or testing, why make it for only a year?

Here’s how to make one that won’t expire for twenty years…

Generate a key:

openssl genrsa -des3 -out test.key 1024

Remove the passphrase:

cp test.key test.key.orig
openssl rsa -in test.key.orig -out test.key

Create the CSR:

openssl req -new -key test.key -out test.csr

Create the 20 year cert:

openssl x509 -req -days 7305 -in test.csr -signkey test.key -out test.crt

3 thoughts on “Create a self-signed SSL cert for 20 years!

Leave a Comment