How to Create a Self-signed Client Certificate with OpenSSL

Mert Ilis
3 min readOct 20, 2020

I have posted before about creating self-signed client certificates with makecert utility. Today I’d like to describe step by step how we can do it with OpenSSL.

Client certificates are essential for mutual SSL authentication. During development and testing, I usually need self-signed ones for simplicity.

First, we need to create a Root CA certificate which will be used for creating the Server and Client certificates.

To make it simple, I’ve added the passwords to the commands (with the value “changeme”)!

openssl genrsa -aes256 -passout pass:changeme -out ca.pass.key 4096

This command creates an encrypted RSA private key for CA Root.

openssl rsa -passin pass:changeme -in ca.pass.key -out ca.key

This command extracts RSA private key.

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

This command creates the root certificate with the key. For this request, I supplied some dummy information for the fields Country Name, State or Province Name, Locality Name (eg, city) [Default City], Organization Name (eg, company) [Default Company Ltd], Organizational Unit Name (eg, section), Email Address.

For the Common Name (eg, your name or your server’s hostname) field we should specify a distinguishable name (like “TestRootCA”).

Second, we can use this CA certificate to create a server certificate that can be used for the SSL connection:

openssl genrsa -aes256 -passout pass:changeme -out server.pass.key 4096

This command creates an encrypted RSA private key for Server.

openssl rsa -passin pass:changeme -in server.pass.key -out server.key

This command extracts RSA private key.

openssl req -new -key server.key -out server.csr

This command creates a certificate creation request. For the Common Name, I specified a distinguishable name (like “TestServer”).

openssl x509 -CAcreateserial -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -out server.crt



Mert Ilis

I’m a software development enthusiast who likes trying different web technologies and adding value to his team.