How to generate a self-signed certificate
In order to generate a certificate, we have to generate a key pair, a CSR, and finally, a certificate. The openssl tool can generate a self-signed certificate in several ways. One of the ways is to use a single command to generate a key pair and a self-signed certificate. But we will use separate commands because it is a more generic way.
We are going to use the following openssl subcommands: genpkey, pkey, req, and x509. Their documentation is available on the following man pages:
$ man openssl-genpkey $ man openssl-pkey $ man openssl-req $ man openssl-x509
This is how we generate a self-signed certificate:
- First, let’s generate a key pair. This time let’s use
ED448as the key type:$ openssl genpkey -algorithm ED448 -out root_keypair.pem
We have got no output, meaning that we have got no error.
- Let’s inspect our newly created key:
$ openssl pkey -in root_keypair.pem -noout –text ED448...
