Knowledge Base

How can I create a self-signed certificate with openssl?

The simplest way to create a self-signed certificate is to use OpenSSL with the following one-liner:

It is often useful to create a single .pem file containing both the key and the cert:

These steps also work on Windows, except that you will need to use openssl.exe, and the type command to concatenate the files:

The resulting .pem file can be used by a webserver to provide HTTPS, but web browsers will generally be reluctant to display the resulting webpages, precisely because the certificate is self-signed. It is easy enough to click through the sequence of warning dialogue boxes that browsers present and get the browser to accept the certificate. Sometimes, however, users would prefer to explicitly trust the certificate and avoid the ominous red warning signs that browsers typically decorate the address bar with when rendering pages encrypted with the certificate (see next question).

Some browsers, notably Chrome, are more demanding of the certificate and require further structure; most versions of OpenSSL need directives provided via a configuration file to create this structure. For example, a configuration file self-signed.conf with the following content:

can be provided to OpenSSL via the -config option:

Note: this content is a digest of several answers provided in this StackOverflow thread.
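The shell functions below are an added example, not the commands from this article: they generate a key and self-signed certificate from a configuration file passed with -config, concatenate both into a single .pem, and then check the result. The hostname example.test, the key.pem, cert.pem and combined.pem file names, and the assumption that the further structure Chrome requires is a subjectAltName extension are not from the article.

```shell
#!/bin/sh
# Added example; "example.test" and the key.pem/cert.pem/combined.pem names are constructed.
# make_self_signed DIR HOST: write self-signed.conf, key.pem, cert.pem, combined.pem to DIR.
make_self_signed() {
    dir=$1; host=$2
    (
    umask 077   # the key and the combined .pem must be readable by the owner only
    cat > "$dir/self-signed.conf" <<EOF
[req]
prompt             = no
distinguished_name = dn
x509_extensions    = v3_ext

[dn]
CN = $host

[v3_ext]
# Assumption: the extra structure browsers want is a subjectAltName entry.
subjectAltName   = DNS:$host
basicConstraints = critical, CA:FALSE
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/self-signed.conf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null &&
    cat "$dir/key.pem" "$dir/cert.pem" > "$dir/combined.pem"
    )
}

# cert_has_san FILE HOST: succeed if the certificate carries HOST as a DNS SAN.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "DNS:$2"
}

# is_self_signed FILE: succeed if subject and issuer are the same name.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# key_matches_cert FILE: succeed if the key and certificate in FILE share a public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage: d=$(mktemp -d); make_self_signed "$d" example.test && key_matches_cert "$d/combined.pem"
```

Running cert_has_san before deploying catches a certificate that only carries a CN, which is the case the stricter browsers reject.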