Generate OpenSSL commands to create a CSR or self-signed SSL/TLS certificate
Generators
Generator
How to Use
1Enter the Common Name (your domain, e.g. example.com or *.example.com for wildcard)
2Enter your Organization name and 2-letter Country code
3Select the key size (2048-bit for standard, 4096-bit for higher security)
4Check 'Self-Signed' if you want a certificate for local/dev use without a CA
5Copy and run the generated commands in your terminal
Frequently Asked Questions
A Certificate Signing Request (CSR) is a block of encoded text that contains your public key and organization information. You submit it to a Certificate Authority (CA) to obtain a signed SSL/TLS certificate for your domain.
Self-signed certificates are useful for local development, internal tools, or testing HTTPS. They are not trusted by browsers by default and should not be used for public-facing production websites.
2048-bit is the current industry standard and is accepted by all CAs. 4096-bit provides a higher security margin but requires more CPU for handshakes. For most use cases, 2048-bit is sufficient.
The Common Name (CN) must match the domain name you want to secure. For example, use 'example.com' for a single domain or '*.example.com' for a wildcard certificate that covers all subdomains.