Generating your self-signed certificate

This page describes how to generate a self-signed certificate with the OpenSSL tool. The procedure has two steps:

Generating a Key Pair

The OpenSSL command to generate a key pair is as follows:

openssl genrsa -out %SELFSIGNED_PRIVATE_KEY_FILE_PATH% 2048

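where the variable %SELFSIGNED_PRIVATE_KEY_FILE_PATH% should indicate the file in which the key pair should be saved. As written, the command stores the private key unencrypted, so access to this file should be restricted.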

Generating the Self-Signed Certificate

The OpenSSL command to generate the certificate is as follows:

openssl req -config %OPENSSL_CONFIG_FILE% -new -x509 -sha256 -key %SELFSIGNED_PRIVATE_KEY_FILE_PATH% -out %SELFSIGNED_CERTIFICATE_FILE_PATH% -days 3600

where:

  • the variable %SELFSIGNED_PRIVATE_KEY_FILE_PATH% should indicate the file from which the key pair can be loaded.
  • the variable %SELFSIGNED_CERTIFICATE_FILE_PATH% should indicate the file in which the certificate should be saved.
  • the variable %OPENSSL_CONFIG_FILE% corresponds to the path to the OpenSSL configuration file, which contains the following content:

    openssl_config.cfg
    ##################################################
    distinguished_name = distinguished_name
    x509_extensions = x509_extensions
    [ distinguished_name ]
    commonName = Common Name (CN)
    commonName_max = 64
    commonName_default = Little Big Company ASBL
    countryName = Country Name - 2 letter code (C)
    countryName_min = 2
    countryName_max = 2
    countryName_default = BE
    [ x509_extensions ]
    subjectKeyIdentifier = hash
    basicConstraints = critical,CA:false
    keyUsage = digitalSignature, nonRepudiation
    ##################################################
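
To confirm that the two steps produced what the configuration asks for, the following POSIX shell script (an added example, not part of the original procedure) runs both commands in a scratch directory and checks the resulting certificate against its key. The file names, the function names `check_cert` and `make_demo`, and the `-batch` option are assumptions added here; `-batch` makes `openssl req` accept the configured default values without prompting.

```sh
#!/bin/sh
# check_cert KEY CERT: returns 0 only if CERT carries KEY's public key, names
# itself as issuer, and has the digest, key size and extensions asked for above.
check_cert() {
    key=$1 cert=$2 rc=0
    fail() { echo "FAIL: $1" >&2; rc=1; }
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || fail "unreadable key"
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || fail "unreadable certificate"
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] || fail "certificate does not carry this key"
    subj=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null | sed 's/^[a-z]*= *//')
    issu=$(openssl x509 -in "$cert" -noout -issuer 2>/dev/null | sed 's/^[a-z]*= *//')
    [ "$subj" = "$issu" ] || fail "issuer differs from subject"
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || fail "cannot print certificate"
    for want in 'Signature Algorithm: sha256WithRSAEncryption' 'Public-Key: (2048 bit)' \
                'CA:FALSE' 'Digital Signature, Non Repudiation'; do
        printf '%s\n' "$text" | grep -qF -- "$want" || fail "missing: $want"
    done
    return "$rc"
}

# make_demo DIR: steps 1 and 2 with the page's configuration file, written to DIR.
# Constructed file names; -batch accepts the *_default values without prompting.
make_demo() {
    dir=$1
    cat > "$dir/openssl_config.cfg" <<'EOF'
distinguished_name = distinguished_name
x509_extensions = x509_extensions
[ distinguished_name ]
commonName = Common Name (CN)
commonName_max = 64
commonName_default = Little Big Company ASBL
countryName = Country Name - 2 letter code (C)
countryName_min = 2
countryName_max = 2
countryName_default = BE
[ x509_extensions ]
subjectKeyIdentifier = hash
basicConstraints = critical,CA:false
keyUsage=digitalSignature, nonRepudiation
EOF
    openssl genrsa -out "$dir/selfsigned.key" 2048 2>/dev/null &&
    openssl req -config "$dir/openssl_config.cfg" -new -x509 -sha256 -batch \
        -key "$dir/selfsigned.key" -out "$dir/selfsigned.crt" -days 3600
}

# Stand-alone run: generate into a temporary directory, check, clean up.
tmp=$(mktemp -d) && make_demo "$tmp" &&
    check_cert "$tmp/selfsigned.key" "$tmp/selfsigned.crt" && echo "all checks passed"
rm -rf "$tmp"
```

The check compares keys, names and extensions; it does not re-verify the certificate's signature.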