This command generates an SSL certificate in a single step.

openssl req -x509 -newkey 2048 -nodes -keyout key.pem -out cert.pem -days 365 -batch -subj '/CN=domain-name'

Breakdown of the options:

  • -x509: generate an actual certificate and not a certificate request
  • -newkey 2048: generate a new 2048-bit RSA key
  • -nodes: “no DES” not “nodes” - don’t encrypt the private key
  • -keyout key.pem: save the key in key.pem
  • -out cert.pem: save the certificate in cert.pem
  • -days 365: number of days this certificate is valid. The default is 30 days if this is not specified
  • -batch: don’t prompt for all the additional fields when generating the certificate
  • -subj '/CN=domain-name': the domain for which this certificate is valid
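
To confirm that each option did what the breakdown says, the following added example (not part of the original note) wraps the command and checks the resulting files. The function names and the CN test.example are constructed for illustration, and the umask line is an addition because -nodes leaves the key unencrypted on disk.

```shell
#!/bin/sh
# Added example: function names and the sample CN are constructed.

# gen_cert DIR CN DAYS: run the note's command inside DIR.
gen_cert() {
    (
        umask 077   # -nodes writes the key unencrypted, so keep it owner-only
        cd "$1" || exit 1
        # rsa:2048 is the explicit spelling of the note's "-newkey 2048"
        openssl req -x509 -newkey rsa:2048 -nodes -keyout key.pem \
            -out cert.pem -days "$3" -batch -subj "/CN=$2" 2>/dev/null
    )
}

# cert_name subject|issuer CERT: print the name as RFC 2253, e.g. "CN=test.example".
cert_name() {
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"
}

# Succeeds when the private key file is stored without encryption.
key_is_plaintext() { ! grep -q ENCRYPTED "$1"; }

# key_matches_cert KEY CERT: succeeds when the cert carries this key's public half.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# expires_between CERT MIN MAX: still valid after MIN days, expired after MAX days.
expires_between() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null &&
    ! openssl x509 -in "$1" -noout -checkend $(( $3 * 86400 )) >/dev/null
}

# check_cert DIR CN DAYS: return non-zero (1-6) at the first failed check.
check_cert() {
    [ "$(cert_name subject "$1/cert.pem")" = "CN=$2" ] || return 1   # -subj
    [ "$(cert_name issuer "$1/cert.pem")" = "CN=$2" ] || return 2    # -x509: self-signed
    key_is_plaintext "$1/key.pem" || return 3                        # -nodes
    key_matches_cert "$1/key.pem" "$1/cert.pem" || return 4          # -keyout / -out
    expires_between "$1/cert.pem" $(( $3 - 1 )) $(( $3 + 1 )) || return 5   # -days
    [ "$(ls -l "$1/key.pem" | cut -c1-10)" = "-rw-------" ] || return 6     # umask
}
```

After sourcing the file, run gen_cert and check_cert with the same three arguments (for example a directory from mktemp -d, test.example and 365); the exit status of check_cert identifies which check failed.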