๐ŸŒ
CrypTool
cryptool.org โ€บ en โ€บ cto โ€บ openssl
OpenSSL โ€“ CrypTool
Toolkit for general-purpose cryptography with graphical controls in your browser
๐ŸŒ
Devglan
devglan.com โ€บ online-tools โ€บ openssl-hash-generator
OpenSSL Hash Generator Online (SHA-256, SHA-512, SHA-3)
Generate OpenSSL-compatible hashes online. Supports MD5, SHA-1, SHA-256, SHA-512, SHA-3, Whirlpool & RIPEMD-160. Hex & Base64 output.
People also ask

How do I convert a .crt file to PFX using OpenSSL?
Run: openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt โ€” A .crt file is typically PEM-encoded (same as .pem). This command bundles the certificate and private key into a PKCS#12/PFX file for use with IIS, Azure, or Windows.
๐ŸŒ
utilnx.com
utilnx.com โ€บ tools โ€บ openssl-command-generator
OpenSSL Command Generator - Generate SSL/TLS Certificate Commands ...
How do I generate a self-signed certificate with SAN for localhost?
Run: openssl req -x509 -newkey rsa:2048 -nodes -keyout localhost.key -out localhost.crt -days 365 -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" โ€” Modern browsers require Subject Alternative Names (SAN); the Common Name (CN) alone is no longer sufficient.
๐ŸŒ
utilnx.com
utilnx.com โ€บ tools โ€บ openssl-command-generator
OpenSSL Command Generator - Generate SSL/TLS Certificate Commands ...
How do I convert PFX to PEM for Nginx or Apache?
Extract the certificate: openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.crt โ€” Extract the key: openssl pkcs12 -in cert.pfx -nocerts -nodes -out private.key โ€” Use these separate files in your Nginx ssl_certificate and ssl_certificate_key directives.
๐ŸŒ
utilnx.com
utilnx.com โ€บ tools โ€บ openssl-command-generator
OpenSSL Command Generator - Generate SSL/TLS Certificate Commands ...
๐ŸŒ
SSL
ssl.org โ€บ csr-generator
CSR Generator for SSL/TLS โ€” RSA & ECC | OpenSSL
Create a Certificate Signing Request (CSR) and matching private key online. Supports RSA and ECC (ECDSA) keys with SHA-256/384/512. The equivalent OpenSSL command is shown so you can generate it on your own server instead.
๐ŸŒ
Tplant
openssl.tplant.com.au
OpenSSL Web Terminal
Generate Keys ยท Sign & Verify ยท Hashes ยท Files ยท Welcome to OpenSSL in your browser! The upper terminal runs OpenSSL compiled to WebAssembly. You can also use the graphical user interface (GUI) to build and run commands. Have fun :) Key type: RSA ยท Elliptic curves ยท
๐ŸŒ
ACTE Technology
acte.ltd โ€บ utils โ€บ openssl
Generate OpenSSL private public keys online
RSA and DSA key generator in Openssh, PKCS1, PKCS8, Putty formats.
๐ŸŒ
Certificatetools
certificatetools.com
CertificateTools.com - Online X509 Certificate Generator
Create self-signed certificates, certificate signing requests (CSR), or a root certificate authority. Featuring support for multiple subject alternative names, multiple common names, x509 v3 extensions, RSA and elliptic curve cryptography.
๐ŸŒ
utilnx
utilnx.com โ€บ tools โ€บ openssl-command-generator
OpenSSL Command Generator - Generate SSL/TLS Certificate Commands Online | utilnx
Free online OpenSSL command generator. Generate private keys, CSRs, self-signed certificates. Convert PEM to PFX, CRT to PFX, PFX to PEM, P7B to PEM. Inspect certs, verify key pairs, test HTTPS. Multi-step workflows for Nginx, IIS, and Apache. Copy-paste ready commands with explanations.
Find elsewhere
๐ŸŒ
Terrific
terrific.tools โ€บ online โ€บ openssl-password-generator
OpenSSL Password Generator: Create Cryptographically Secure Passwords [2026] | terrific.tools
Generate cryptographically secure passwords using OpenSSL-style algorithms. Create hex, base64, or crypt format passwords with optional salt.
๐ŸŒ
GoGetSSL
gogetssl.com โ€บ home โ€บ online csr generator
Online CSR Generator | GoGetSSLยฎ
We provide professional and Free Online CSR Generator with an SHA-256 encryption algorithm and 2048-bit key size. We generate a certificate signing request (CSR) and Private Key (RSA key) at once.
๐ŸŒ
Devglan
devglan.com โ€บ online-tools โ€บ generate-self-signed-cert
Generate Self-Signed Certificate Online
Generate Self-Signed X.509 TLS/SSL Certificate online. This tool generates CSR, Public Certificate and Private key which can be downloaded for non-prod usage.
๐ŸŒ
DigiCert
digicert.com โ€บ home โ€บ general information โ€บ how to create a csr (certificate signing request)
How to create a CSR (Certificate Signing Request)
If you're uncertain about the exact company name or location when generating the CSR, don't worry. We offer the flexibility to modify and finalize that information during our review process before issuing the certificate. ... Once you've created the CSR, you'll need to copy and paste it into the online form where you submit a request to get a TLS/SSL certificate.
๐ŸŒ
Xolphin
xolphin.com โ€บ support โ€บ faq
Online CSR Generators
There are a number of 'CSR generator' tools available online from simple web searches. These would appear to be useful tools to help in generating CSRs and private keys for those who may not know how or may not be able to generate these certificate signing requests themselves.
Top answer
1 of 16
3329

You can do that in one command:

# Interactive
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

# Non-interactive and 10 years expiration
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=XX/ST=StateName/L=CityName/O=CompanyName/OU=CompanySectionName/CN=CommonNameOrHostname"

You can also add -nodes (short for "no DES") if you don't want to protect your private key with a passphrase. Otherwise, it will prompt you for "at least a 4 character" password.

The days parameter (365) you can replace with any number to affect the expiration date. It will then prompt you for things like "Country Name", but you can just hit Enter and accept the defaults.

Add -subj '/CN=localhost' to suppress questions about the contents of the certificate (replace localhost with your desired domain).

Self-signed certificates are not validated with any third party, unless you import them to the browsers previously. If you need more security, you should use a certificate signed by a certificate authority (CA).

2 of 16
852

As of 2025 with OpenSSL โ‰ฅ 3.0, the following command serves all your needs, including Subject Alternate Name (SAN):

openssl req -x509 -newkey ed25519 -days 3650 \
  -noenc -keyout example.com.key -out example.com.crt -subj "/CN=example.com" \
  -addext "subjectAltName=DNS:example.com,DNS:*.example.com,IP:10.0.0.1"

If you prefer a different crypto algorithm, you can replace -newkey ed25519 with one of:

  • -newkey rsa:4096 -sha512 (if you need to support old browsers, or if you simply prefer RSA over ECC)
  • -newkey ec -pkeyopt ec_paramgen_curve:secp384r1 (if you prefer classic ECC)
  • -newkey ed448 (perhaps for the future, as ED448 is stronger than ED25519, but not supported by the browsers as of 2025)

On older systems with OpenSSL < 3.0, you need to replace -noenc with:

  • -nodes

On even older systems with OpenSSL < 1.1.1, such as Debian โ‰ค 9 or CentOS โ‰ค 7, a longer version of this command needs to be used, and some modern crypto algorithms such as ED25519 and ED448 are not available:

openssl req -x509 -newkey rsa:4096 -sha512 -days 3650 \
  -nodes -keyout example.com.key -out example.com.crt -extensions san -config \
  <(echo "[req]"; 
    echo distinguished_name=req; 
    echo "[san]"; 
    echo subjectAltName=DNS:example.com,DNS:*.example.com,IP:10.0.0.1
    ) \
  -subj "/CN=example.com"

Each of the above commands creates a certificate that is

  • valid for the domain example.com (SAN),
  • also valid for the wildcard domain *.example.com (SAN),
  • also valid for the IP address 10.0.0.1 (SAN),
  • very strong (as of 2025) and
  • valid for 3650 days (~10 years).

The following files are generated:

  • Private key: example.com.key
  • Certificate: example.com.crt

All information is provided at the command line. There is no interactive input that annoys you. There are no config files you have to mess around with. All necessary steps are executed by a single OpenSSL invocation: from private key generation up to the self-signed certificate.


Remark #1: Crypto parameters

Since the certificate is self-signed and needs to be accepted by users manually, it doesn't make sense to use a short expiration or weak cryptography.

In the future, there might be even better crypto algorithms, but as of 2025, ED448 is a very good choice. It is very strong and supported by all modern browsers.

Remark #2: Parameter "-noenc"

Theoretically you could leave out the -noenc parameter (formerly -nodes which meant "no DES encryption"), in which case example.key would be encrypted with a password. However, this is almost never useful for a server installation, because you would either have to store the password on the server as well, or you'd have to enter it manually on each reboot.

Remark #3: See also

  • Provide subjectAltName to openssl directly on command line

  • How to add multiple email addresses to an SSL certificate via the command line?

  • More information about MSYS_NO_PATHCONV

๐ŸŒ
8gWiFi
8gwifi.org โ€บ SelfSignCertificateFunctions.jsp
Self-Signed Certificate Generator - X.509 Certificate with SAN Support Free | 8gwifi.org
January 15, 2025 - Generate self-signed X.509 certificates online with Subject Alternative Names (SAN), custom expiry, and version support. Free SSL/TLS certificate generator for development and testing.
๐ŸŒ
Sectigo
sectigostore.com โ€บ home โ€บ ssl tools โ€บ generate csr
CSR Generator - Free Online CSR Generator Tools by Sectigo
Now it's easy to create CSR for SSL certificate. Use our Free Online CSR Generation tool to generate CSR with any hassle for new or renew SSL certificate.
๐ŸŒ
Monocalc
monocalc.com โ€บ home โ€บ tools โ€บ programming โ€บ openssl command generator
OpenSSL Command Generator โ€“ CLI Builder
April 30, 2026 - Generate accurate OpenSSL CLI commands instantly. Build key generation, CSR, certificate, encryption, and digest commands via an interactive form.
๐ŸŒ
Devglan
devglan.com โ€บ online-tools โ€บ generate-csr-online
CSR Key Generator Online
An online tool to generate a Certificate Signing Request using OpenSSL. The generated CSR and private key can be downloaded locally.
๐ŸŒ
en
interssl.com โ€บ en โ€บ ssl-tools-csrgen.php
CSR/KEY Online Generator
SSL Security Check CSR/KEY Online Generator CSR/KEY Tutorial (openssl) CSR Decoder PFX P12 Converter (PKCS#12) PEM Converter (X.509) CRT CER PEM Decoder (X.509)