To generate a self-signed SSL certificate using the OpenSSL, complete the following steps:

  • Write down the Common Name (CN) for your SSL Certificate.
    • The CN is the fully qualified name for the system that uses the certificate.
    • If you are using Dynamic DNS, your CN should have a wild-card, for example: *
    • Otherwise, use the hostname or IP address set in your Gateway Cluster (for example. or
  • Run the following OpenSSL command to generate your private key and public certificate.
    • Answer the questions and enter the Common Name when prompted.

openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem

  • Review the created certificate:

openssl x509 -text -noout -in certificate.pem

  • Combine your key and certificate in a PKCS#12 (P12) bundle:

openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12

  • Validate your P2 file.

openssl pkcs12 -in certificate.p12 -noout -info

The command below issues a certificate for a server without additional entry. All information about the server is contained in the subj field.

  1. openssl req -newkey rsa:2048 -sha256 -nodes -keyout key.pem -x509 -days 730 -out certificate.pem -subj “/C=US/ST=Missouri/L=St Louis/O=Acumen Hosted Services/OU=Org/”
  2. openssl x509 -text -noout -in certificate.pem
  3. openssl pkcs12 -inkey key.pem -in certificate.pem -export -out certificate.p12
  4. openssl pkcs12 -in certificate.p12 -noout -info

Need more assistance?

Contact Us today!