Generate Self-Signed Certificate Online

The expression “self-signed certificates” typically refers to TLS/SSL certificates that have been generated standalone, without any linkage to a root or intermediate certificate.

A self-signed certificate is a digital certificate that is not signed by a certificate authority (CA), but instead is signed by the organization or software of the website or developer.

Below is an online tool to generate a self-signed certificate. It generates the private key, CSR and the certificate in X.509 format. All the generated certificates can be downloaded on the local machine safely.

Self-Signed Certificate Generator

Invalid email

Private Key

X.509 cert


Any secret key value that you enter, or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that any secret keys cannot be stolen.

If you appreciate this tool, then you can consider donating.

We are thankful for your never ending support.

Usage Guide

Enter the form fields such as common name, org, org unit, email, etc and click on the Generate button to generate the private key, the CSR and the self-signed certificate.

Generating a Private Key with open SSL

openssl pkey -in privateKey.key -pubout -outform pem | sha256sum

Open SSL Command to generate self-signed certificate

openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum

Open SSL Command to generate CSR file

openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum

Common RSA Terminologies

.key is the private key of the standard PKCS#8 structure.This is generally stored at the server and only accessible by the key owner.

.csr or .req or sometimes .p10 stands for Certificate Signing Request as defined in PKCS#10; This is a request for a certificate authority to sign the contains information such as the public key and common name required by a Certificate Authority to create and sign a certificate for the requester, the encoding could be PEM or DER.

.crt is the certificate produced by the certificate authority that verifies the authenticity of the key. (The key itself is not included.) This is given to other parties, e.g. HTTPS client.

.pem Privacy Enhanced Mail (PEM) files are a type of Public Key Infrastructure (PKI) file used for keys and certificates. It could be any of the above files including a public key, a private key, or both, because a PEM file is not a standard.