Home/ Questions/Q 7800241
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T00:34:16+00:00

I’m adding HTTPS support to an embedded Linux device. I have tried to generate

  • 0

I’m adding HTTPS support to an embedded Linux device. I have tried to generate a self-signed certificate with these steps:

openssl req -new > cert.csr
openssl rsa -in privkey.pem -out key.pem
openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001
cat key.pem>>cert.pem

This works, but I get some errors with, for example, Google Chrome:

This is probably not the site you are looking for!
The site’s security certificate is not trusted!

Am I missing something? Is this the correct way to build a self-signed certificate?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can do that in one command:

    # interactive
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

# non-interactive and 10 years expiration
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"

    You can also add -nodes (short for "no DES") if you don’t want to protect your private key with a passphrase. Otherwise it will prompt you for "at least a 4 character" password.

    The days parameter (365) you can replace with any number to affect the expiration date. It will then prompt you for things like "Country Name", but you can just hit Enter and accept the defaults.

    Add -subj '/CN=localhost' to suppress questions about the contents of the certificate (replace localhost with your desired domain).

    Self-signed certificates are not validated with any third party unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a certificate authority (CA).

    • 0