How to Generate SSL Certificates with OpenSSL in 2026

Introduction

OpenSSL is the standard tool for managing SSL/TLS certificates. Whether you are developing a web application or securing a server, knowing how to generate keys and certificates is essential. This tutorial guides you step by step from verifying the installation to creating a functional self-signed certificate. You will learn the essential commands while understanding their real-world utility. By the end, you will be able to produce certificates ready for development or testing.

Prerequisites

A Linux, macOS or Windows system with WSL
OpenSSL installed (version 3.0+)
Basic terminal knowledge
Elementary command-line skills

Verify the Installation

terminal

openssl version

This command displays the installed OpenSSL version. It confirms that the tool is available and operational before performing any cryptographic operations.

Generate an RSA Private Key

terminal

openssl genrsa -out private.key 2048

This command creates a 2048-bit RSA private key. The key is stored in the private.key file and serves as the foundation for all subsequent certificates.

Create a Certificate Signing Request (CSR)

terminal

openssl req -new -key private.key -out request.csr -subj "/C=FR/ST=IDF/L=Paris/O=MonEntreprise/CN=example.com"

This command generates a CSR using the private key. The -subj parameter sets the certificate information directly without interactive prompts.

Generate a Self-Signed Certificate

terminal

openssl x509 -req -in request.csr -signkey private.key -out certificate.crt -days 365

This command signs the CSR with the private key to produce a certificate valid for 365 days. Ideal for development and testing environments.

Verify the Generated Certificate

terminal

openssl x509 -in certificate.crt -text -noout

This command displays the certificate contents to verify the entered information and validity period.

Best Practices

Always use a key size of at least 2048 bits
Protect private keys with restrictive permissions (chmod 600)
Use descriptive file names
Renew certificates before expiration
Store private keys outside the code repository

Common Mistakes to Avoid

Forgetting to protect private key permissions
Using self-signed certificates in production
Ignoring certificate expiration dates
Failing to verify certificate contents after generation

Go Further

Discover our complete courses on security and system administration at https://learni-group.com/formations.

How to Generate SSL Certificates with OpenSSL in 2026

Introduction

Prerequisites

Verify the Installation

Generate an RSA Private Key

Create a Certificate Signing Request (CSR)

Generate a Self-Signed Certificate

Verify the Generated Certificate

Best Practices

Common Mistakes to Avoid

Go Further

Recommended Learni Training Courses

Training APNs 2026 - Optimizing Apple Push Notifications

Training Amazon Bedrock - Securing Professional AI Systems

Training Amazon EKS 2026 - Securing your cloud clusters

Training Amazon GuardDuty - Detecting Advanced AWS Threats

Training Amazon GuardDuty 2026 - Securing Your Cloud Infrastructures

Training Amazon Q 2026 - Boost Your Social Strategies

Training Anonymization - Securing Personal Data

Training Anti-phishing - Protecting your company from cyberattacks

Training Bardeen 2026 - Automate Pentest and Expert SOC

Recommended Learni Training Courses

Training APNs 2026 - Optimizing Apple Push Notifications

Training Amazon Bedrock - Securing Professional AI Systems

Training Amazon EKS 2026 - Securing your cloud clusters

Training Amazon GuardDuty - Detecting Advanced AWS Threats

Training Amazon GuardDuty 2026 - Securing Your Cloud Infrastructures

Training Amazon Q 2026 - Boost Your Social Strategies

Training Anonymization - Securing Personal Data

Training Anti-phishing - Protecting your company from cyberattacks

Training Bardeen 2026 - Automate Pentest and Expert SOC