Generate Self-Signed Certificate Online

The expression “self-signed certificates” typically refers to TLS/SSL certificates that have been generated standalone, without any linkage to a root or intermediate certificate.

A self-signed certificate is a digital certificate that is not signed by a certificate authority (CA), but instead is signed by the organization or software of the website or developer.

Below is an online tool to generate a self-signed certificate. It generates the private key, CSR and the certificate in X.509 format. All the generated certificates can be downloaded on the local machine safely.

Support This Free Tool!

I build these tools to give you fast, secure, privacy-friendly utilities—free and signup-free.

Buying me a coffee helps keep the project running and supports new features.

Powered by

Thank you for helping this tool thrive!

We do not store, log any key you enter. This tool is intended for personal and educational use. We suggest not to use online tools to protect real production secrets.

Usage Guide

Enter the form fields such as common name, org, org unit, email, etc and click on the Generate button to generate the private key, the CSR and the self-signed certificate.

Generating a Private Key with open SSL

openssl pkey -in privateKey.key -pubout -outform pem | sha256sum

Open SSL Command to generate self-signed certificate

openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum

Open SSL Command to generate CSR file

openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum

Common RSA Terminologies

.key is the private key of the standard PKCS#8 structure.This is generally stored at the server and only accessible by the key owner.

.csr or .req or sometimes .p10 stands for Certificate Signing Request as defined in PKCS#10; This is a request for a certificate authority to sign the key.it contains information such as the public key and common name required by a Certificate Authority to create and sign a certificate for the requester, the encoding could be PEM or DER.

.crt is the certificate produced by the certificate authority that verifies the authenticity of the key. (The key itself is not included.) This is given to other parties, e.g. HTTPS client.

.pem Privacy Enhanced Mail (PEM) files are a type of Public Key Infrastructure (PKI) file used for keys and certificates. It could be any of the above files including a public key, a private key, or both, because a PEM file is not a standard.