How to Generate SSH/SSL Public and Private Keys

12/06/2016

SSH

  1. Run ssh-keygen -t rsa -b 2048 -f <keyName>
  2. Tap enter twice to skip the passphrase, or enter one if you like.
  3. This will output keyName (the private key) and keyName.pub (the public key).

SSL with self-signed Certificate Authority (CA)

  1. Create a CA key without a passphrase: openssl genrsa -out rootCA.key 2048 (add -des3 if you want a passphrase).
  2. Self-sign the CA: openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem. Now you have a self-signed SSL certificate named rootCA.pem.
  3. Use the CA just created to sign other SSL certificates.
  4. Create a private key: openssl genrsa -out device.key 2048
  5. Create a certificate signing request (CSR): openssl req -new -key device.key -out device.csr. It's important to note that, when answering the prompts, Common Name (eg, YOUR name) []: must match the host name of the web server you are using.
  6. Sign the CSR with your CA: openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256

Congrats, you have an SSL cert signed by your own self-signed CA.
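
The SSL steps above as a non-interactive script, followed by the checks worth running on the result: does the certificate chain to the CA, does it belong to the private key, and is it valid for the host name. This is an added example, not part of the original post; the host name device.example.test, the CA subject, the device.ext file and the function names are constructed for illustration, and the subjectAltName extension is an addition the steps above do not include.

```shell
#!/bin/sh
# Added example. Host name, CA subject and device.ext are constructed values.

# make_chain HOST DIR: steps 1-6 of the list above, with -subj answering the prompts.
make_chain() {
    h=$1; d=$2
    # Steps 1-2: CA key, then the self-signed CA certificate.
    openssl genrsa -out "$d/rootCA.key" 2048 2>/dev/null || return 1
    openssl req -x509 -new -nodes -key "$d/rootCA.key" -sha256 -days 1024 \
        -subj "/CN=Example Root CA" -out "$d/rootCA.pem" || return 1
    # Steps 4-5: device key and CSR; Common Name is the web server's host name.
    openssl genrsa -out "$d/device.key" 2048 2>/dev/null || return 1
    openssl req -new -key "$d/device.key" -subj "/CN=$h" \
        -out "$d/device.csr" || return 1
    # Not in the original steps: current browsers check subjectAltName, not CN.
    printf 'subjectAltName=DNS:%s\n' "$h" > "$d/device.ext"
    # Step 6: sign the CSR with the CA.
    openssl x509 -req -in "$d/device.csr" -CA "$d/rootCA.pem" \
        -CAkey "$d/rootCA.key" -CAcreateserial -extfile "$d/device.ext" \
        -out "$d/device.crt" -days 500 -sha256 2>/dev/null || return 1
}

# chain_ok DIR: succeeds only if device.crt verifies against rootCA.pem.
chain_ok() {
    openssl verify -CAfile "$1/rootCA.pem" "$1/device.crt" >/dev/null 2>&1
}

# key_matches DIR: compares the public key in device.crt with device.key's.
key_matches() {
    crt=$(openssl x509 -in "$1/device.crt" -noout -pubkey | openssl sha256)
    key=$(openssl pkey -in "$1/device.key" -pubout | openssl sha256)
    [ -n "$crt" ] && [ "$crt" = "$key" ]
}

# host_ok DIR HOST: succeeds only if device.crt is valid for HOST.
host_ok() {
    openssl x509 -in "$1/device.crt" -noout -checkhost "$2" | grep -q 'does match'
}

# Demo run in a throwaway directory (mktemp -d creates it with mode 0700).
demo=$(mktemp -d) && make_chain device.example.test "$demo" &&
    chain_ok "$demo" && key_matches "$demo" &&
    host_ok "$demo" device.example.test &&
    echo "chain, key pair and host name all verify"
rm -rf "$demo"
```

Clients only accept device.crt once rootCA.pem is in their trust store; rootCA.key stays private, since anyone holding it can sign certificates those clients will trust.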