Sticky Notes: Self-signed Certificate

Sometimes I need a TLS1 certificate, for some local HTTPS or other services/protocols with some level of security to play nicely.

Make sure you have openssl installed on your computer. Then run:

openssl req -nodes -new -x509 \
  -keyout server.key -out server.crt \
  -subj '/C=EU/L=Berlin/O=MarkentierTech/CN=myservice'


  • replace values for the parameters (C, L, O, CN) to your needs
  • a self-signed certificate is usually not considered secure by browsers; you might need to add them manually to the necessary certificate stores
  • use mkcert.dev if you need something slightly more sophisticated

Similar name, but different use case: mkcert.org — to get a PEM file of certificates you want to trust. For example if you want to build/use apps with custom certificate trust store.


Yep, I will only talk about TLS, we should really forget about SSL, because despite marketing those protocol versions shall never be used again.