How to generate self signed certificates

Sometimes you need a self-signed certificate for the purpose of testing websites or digitally signing files such as PDFs. Your PDF software will probably ask you for a .pfx file. You can generate these on Windows, Mac or linux

On Windows


On windows, with Visual Studio, you can use the makecert utility:

cd "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\"
.\makecert.exe -r -a sha512 -len 4096 -pe -sv c:\users\gerben\documents\example.key -n "CN=Test" c:\users\gerben\documents\example.cer
.\pvk2pfx.exe -pvk c:\users\gerben\documents\example.key -spc c:\users\gerben\documents\example.cer -pfx c:\users\gerben\documents\example.pfx -po PasswordForPfxFile

Linux and Mac


Most linux and OSX machines have openssl installed by default. You can generate the various files as follows:

commandprompt> openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout example.key -out example.pem -subj "/C=NL/O=Tester/CN=example.com/emailAddress=test@example.com"
commandprompt> openssl pkcs12 -export -out example.pfx -inkey example.key -in example.pem 
#openssl will ask you for a password. Don't forget it

This will output the following:

File Description
example.key Your private key.
example.pem The certificate. This also contains your public key
example.pfx An encrypted, password protected file that contains both your private and public key

You can see your public key with the following command:

commandprompt> openssl x509 -in example.pem -pubkey
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC52G+QBJsz1m/rzINSjzABnLjQ
18c+PGMn+w0CxCHsOkIGBRYP80k8+ZznhlMJ2pJ7knM5McHUuYxfBaMU1GraTjS5
c0nb/5AbPR6iWM5rI/Ha02CMmZmSsspq2RhSZZU0Buco0sAqjf9KPn6/uuoNdvTe
kDTMIH7cgB+NsJSadwIDAQAB
-----END PUBLIC KEY-----

You can see the contents of your certificate using the following command:

commandprompt> openssl x509 -in example.pem -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            fd:22:40:d8:00:b8:68:fa
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=NL, O=Tester, CN=example.com/emailAddress=test@example.com
        Validity
            Not Before: Apr 16 12:52:39 2015 GMT
            Not After : Apr 15 12:52:39 2016 GMT
        Subject: C=NL, O=Tester, CN=example.com/emailAddress=test@example.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:b9:d8:6f:90:04:9b:33:d6:6f:eb:cc:83:52:8f:
                    30:01:9c:b8:d0:d7:c7:3e:3c:63:27:fb:0d:02:c4:
                    21:ec:3a:42:06:05:16:0f:f3:49:3c:f9:9c:e7:86:
                    53:09:da:92:7b:92:73:39:31:c1:d4:b9:8c:5f:05:
                    a3:14:d4:6a:da:4e:34:b9:73:49:db:ff:90:1b:3d:
                    1e:a2:58:ce:6b:23:f1:da:d3:60:8c:99:99:92:b2:
                    ca:6a:d9:18:52:65:95:34:06:e7:28:d2:c0:2a:8d:
                    ff:4a:3e:7e:bf:ba:ea:0d:76:f4:de:90:34:cc:20:
                    7e:dc:80:1f:8d:b0:94:9a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                B4:82:EE:F5:8A:75:34:82:BD:23:03:3B:96:E4:A9:AE:B7:3B:5F:A9
            X509v3 Authority Key Identifier: 
                keyid:B4:82:EE:F5:8A:75:34:82:BD:23:03:3B:96:E4:A9:AE:B7:3B:5F:A9
                DirName:/C=NL/O=Tester/CN=example.com/emailAddress=test@example.com
                serial:FD:22:40:D8:00:B8:68:FA

            X509v3 Basic Constraints: 
                CA:TRUE
    Signature Algorithm: sha1WithRSAEncryption
        76:27:e2:e6:07:a2:cd:db:3a:6a:14:f4:a1:17:8e:7e:ff:97:
        da:b4:78:29:a1:33:be:ca:49:5f:26:83:6c:f8:40:9e:65:67:
        91:ae:b8:14:5c:09:85:7f:e6:a0:6d:bb:a5:7d:e7:16:2e:c9:
        6b:86:39:16:74:6f:e6:5c:40:8a:a0:4e:ec:eb:70:1a:85:e4:
        a1:7c:21:e1:a5:71:76:3b:dc:43:74:f2:ee:a7:eb:d2:f9:5b:
        44:3e:26:7a:f8:e8:c7:40:c9:71:b9:e7:ad:93:8d:69:00:69:
        16:e2:fb:e5:6d:45:b2:fb:8f:df:fc:2b:c7:a9:58:59:35:22:
        56:7f
-----BEGIN CERTIFICATE-----
MIIC4TCCAkqgAwIBAgIJAP0iQNgAuGj6MA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNV
BAYTAk5MMQ8wDQYDVQQKEwZUZXN0ZXIxFDASBgNVBAMTC2V4YW1wbGUuY29tMR8w
HQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1wbGUuY29tMB4XDTE1MDQxNjEyNTIzOVoX
DTE2MDQxNTEyNTIzOVowVTELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRlc3RlcjEU
MBIGA1UEAxMLZXhhbXBsZS5jb20xHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBs
ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnYb5AEmzPWb+vMg1KP
MAGcuNDXxz48Yyf7DQLEIew6QgYFFg/zSTz5nOeGUwnaknuSczkxwdS5jF8FoxTU
atpONLlzSdv/kBs9HqJYzmsj8drTYIyZmZKyymrZGFJllTQG5yjSwCqN/0o+fr+6
6g129N6QNMwgftyAH42wlJp3AgMBAAGjgbgwgbUwHQYDVR0OBBYEFLSC7vWKdTSC
vSMDO5bkqa63O1+pMIGFBgNVHSMEfjB8gBS0gu71inU0gr0jAzuW5KmutztfqaFZ
pFcwVTELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRlc3RlcjEUMBIGA1UEAxMLZXhh
bXBsZS5jb20xHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb22CCQD9IkDY
ALho+jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHYn4uYHos3bOmoU
9KEXjn7/l9q0eCmhM77KSV8mg2z4QJ5lZ5GuuBRcCYV/5qBtu6V95xYuyWuGORZ0
b+ZcQIqgTuzrcBqF5KF8IeGlcXY73EN08u6n69L5W0Q+Jnr46MdAyXG5562TjWkA
aRbi++VtRbL7j9/8K8epWFk1IlZ/
-----END CERTIFICATE-----