
Generating a valid self-signed certificate for Apache and Chrome

Certificate generation

Assuming that you are on Windows, you have installed OpenSSL in C:\OpenSSL-Win32\ and your local domain name is nullalo.local, you can issue the following commands at the prompt:


C:\OpenSSL-Win32\bin\openssl.exe req -x509 -config C:\OpenSSL-Win32\bin\openssl.cfg -nodes -days 365 -newkey rsa:2048 -reqexts SAN -extensions SAN -keyout nullalo.local.key -out nullalo.local.crt

Let’s see the meaning of this command’s parameters:

  • x509 is the certificate standard (X.509 v3)
  • nodes stands for “No DES”, meaning your private key will not be encrypted in a PKCS#12 file with 3DES-CBC algorithm
  • days is the number of days of validity from the current date (in the example, 365 days – 1 year from now)
  • newkey generates a new RSA key of ‘bits’ in size (in the example, 2048 bits)
  • reqexts specifies request extension section (in our case, SAN – override value in config file)
  • extensions specifies certificate extension section (SAN, again – override value in config file)
  • keyout outputs private key to a file
  • out outputs certificate to a file

You’ll be asked for some information about the certificate. It is very important, for previous Google Chrome versions and other browsers, that when asked for Common Name you enter your primary DNS name (in this case, nullalo.local).


This command will generate, in the current directory, two files: the private key (nullalo.local.key) and the self-signed certificate (nullalo.local.crt).
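
As an added example (not part of the original post), the POSIX shell functions below run the same openssl req command against a minimal constructed config that defines the [SAN] section, then check that the certificate really lists the domain in subjectAltName and that the key belongs to it. The helper names, the openssl-san.cnf file and an openssl binary on PATH are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes `openssl` is on PATH.
# The helper names and openssl-san.cnf are constructed for this illustration.

# make_cert DOMAIN DIR: write DIR/DOMAIN.key and DIR/DOMAIN.crt
make_cert() {
    domain=$1; dir=$2; cnf="$dir/openssl-san.cnf"
    # Minimal config: [SAN] is the section that -reqexts/-extensions SAN select.
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $domain
[SAN]
subjectAltName = DNS:$domain
EOF
    openssl req -x509 -config "$cnf" -nodes -days 365 -newkey rsa:2048 \
        -reqexts SAN -extensions SAN \
        -keyout "$dir/$domain.key" -out "$dir/$domain.crt" \
        2>"$dir/openssl.log" || { cat "$dir/openssl.log" >&2; return 1; }
    # -nodes leaves the private key unencrypted, so restrict who can read it.
    chmod 600 "$dir/$domain.key"
}

# cert_has_san CRT DOMAIN: succeed only if subjectAltName lists DNS:DOMAIN
cert_has_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# key_matches_cert KEY CRT: succeed if the key's public half is the one in CRT
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ]
}

# Usage:
#   make_cert nullalo.local . &&
#   cert_has_san ./nullalo.local.crt nullalo.local &&
#   key_matches_cert ./nullalo.local.key ./nullalo.local.crt && echo "certificate OK"
```

A certificate generated without the SAN extension section fails cert_has_san even when its Common Name is correct.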

Fulvio Sicurezza


2 Comments

  1. Arvind Kumar Jha
    Tuesday December 4th, 2018 at 08:22 AM — Reply

    Thanks a ton!!
    This tutorial worked for me perfectly.

  2. Sunday December 16th, 2018 at 01:18 PM — Reply

    Really interesting 🙂 Thanks
