How to generate a self-signed certificate using OpenSSL

by Jordi Prats

Using openssl we can create a self-signed certificate with a non-interactive command suitable for automation, if we give all the information at once, such as the CN and the days to expire.

If we already have a private key we want to use, we can pass it with the -key option. This command writes the self-signed certificate to the file server.crt:

    openssl req -new -sha256 \
      -key server.key \
      -subj "/C=RC/ST=Barcelona/O=pet2cattle/CN=pet2cattle.com" \
      -nodes -x509 \
      -days 365 \
      -out server.crt

We can also tell openssl to create a private key for us with -newkey:

    openssl req -new -sha256 \
      -newkey rsa:2048 \
      -subj "/C=RC/ST=Barcelona/O=pet2cattle/CN=pet2cattle.com" \
      -nodes -x509 \
      -days 365 \
      -out server.crt

These days it is quite common to also need a SAN record on the certificate. Starting with OpenSSL 1.1.1 it got much easier to add one:

    openssl req -new -sha256 \
      -key server.key \
      -subj "/C=RC/ST=Barcelona/O=pet2cattle/CN=pet2cattle.com" \
      -nodes -x509 \
      -days 365 \
      -out server.crt \
      -addext "subjectAltName = DNS:pet2cattle.com"
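For automation it helps to check the result before deploying it. The following is an added example, not part of the original post: it wraps the SAN command above and then verifies the SAN entry, the key/certificate match, the self-signature and the remaining validity. The function names make_selfsigned and check_selfsigned are assumptions made for illustration, and it needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example. Function names and the host name passed in are illustrative.
# Needs OpenSSL 1.1.1+ (req -addext, x509 -ext).

# usage: make_selfsigned <hostname> <dir> [days]
make_selfsigned() {
    host=$1; dir=$2; days=${3:-365}
    mkdir -p "$dir" || return 1
    if [ ! -f "$dir/server.key" ]; then
        # The key is stored unencrypted, so create it under umask 077 (mode 0600)
        ( umask 077
          openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
              -out "$dir/server.key" 2>/dev/null ) || return 1
    fi
    openssl req -new -sha256 \
        -key "$dir/server.key" \
        -subj "/C=RC/ST=Barcelona/O=pet2cattle/CN=$host" \
        -nodes -x509 \
        -days "$days" \
        -out "$dir/server.crt" \
        -addext "subjectAltName = DNS:$host"
}

# usage: check_selfsigned <hostname> <dir>; returns 0 only if all checks pass
check_selfsigned() {
    host=$1; crt=$2/server.crt; key=$2/server.key
    # 1. Exact SAN entry (whole-line match, so a substring does not pass)
    openssl x509 -in "$crt" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$host" \
        || { echo "SAN does not list $host" >&2; return 1; }
    # 2. Certificate was issued for this private key
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "key does not match certificate" >&2; return 1; }
    # 3. Signature verifies with the certificate as its own trust anchor
    openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1 \
        || { echo "not a valid self-signed certificate" >&2; return 1; }
    # 4. Still valid 24 hours from now
    openssl x509 -in "$crt" -noout -checkend 86400 >/dev/null \
        || { echo "expires within 24h" >&2; return 1; }
}
```

An existing server.key in the target directory is reused, matching the -key variant of the command.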

Posted on 21/05/2021