How: Creating Self Signed Certificate

As defined in A self-signed certificate is a certificate that is signed by the person creating it rather than a trusted certificate authority.

In my present job, I was given a task to integrate Third party API that uses token-based authentication and a Self-signed certificate. After days of searching, I found a way of generating an x509 certificate using OpenSSL application. To share with you how I generate an x509 certificate, below are the steps to generate a Self-signed certificate using OpenSSL.


Download OpenSSL for windows from the link below.

Self Signed Certificate

After you have downloaded the EXE file proceed with Installing the application. I prefer installing it in C Drive root directory. See image below.

Self Signed Certificate

After the installation navigates to your installation folder in my case it is C:\OpenSSL-Win64\bin. Copy the full path and paste it in your Environment Variable.  See Image below.

Self Signed Certificate

Environment Variable:

To open environment variables right click on My Computer or This PC for Windows 10 and choose properties.

Self Signed Certificate

System window will appear click change settings.

My Computer

Then select the advanced tab and open Environment Variables located at the bottom right of the advance tab.

Self Signed Certificate

Now you can open Environment Variables. Copy and paste your installation directory (C:\OpenSSL-Win64\bin) to your Environment Variables path separating it with a semicolon. Now you can directly access OpenSSL using cmd.

Self Signed Certificate

Let’s start creating a Self Signed Certificate:

Step 1. Open command prompt or cmd to start creating a self-signed certificate. Create a folder from anywhere on your PC. In my case, I created a folder inside D:\sample cert. Please refer to the image below to change cmd directory to the folder you created.Type OpenSSL to start the application.

Self Signed Certificate

Step 2. Create a key and a certificate using the command below. Fill additional details for your Self-Signed certificate. Refer to the image shown below.

  • openssl req -x509 -days 365 -newkey rsa:2048 -keyout mykey.pem -out mycert.pem

Self Signed Certificate

This will create a key and certificate.

Self Signed Certificate

Step 3.  Put your key and certificate in one file using a pfx file. Self Signed CertificateUse the command below

  • openssl pkcs12 -export -in mycert.pem -inkey mykey.pem -out mycert.pfx

This will create a pfx file.

Self Signed Certificate

Step 4. Extract a public certificate from your pfx. Use the command below.

  • openssl pkcs12 -in mycert.pfx -clcerts -nokeys -out public_cert.pem

This will generate a public_cert.pem file.

Self Signed Certificate

See image below to see the files created using this steps.

Self Signed Certificate

And now your Self Signed certificate is now ready for live action. Thank you for reading. Happy Coding!!.

Leave a Reply

Your email address will not be published. Required fields are marked *