Creating Self-Signed Certs with OpenSSL
Generate your own CA, sign a certificate, and inspect it with OpenSSL.
Welcome
In this hands-on lesson we create our own mini CA with OpenSSL, sign a server certificate, and inspect every field — learning PKI from the inside out.
Generate the Root CA Key
# Generate 4096-bit RSA CA private key
openssl genrsa -aes256 -out ca.key 4096
The -aes256 flag encrypts the private key with a passphrase. Always protect CA keys.
All lessons in this course
- What Is a Certificate? X.509 Structure
- Certificate Authorities & Trust Chains
- Certificate Revocation: CRL & OCSP
- Creating Self-Signed Certs with OpenSSL