# Creating a Self-Signed Certificate## Prerequisites- You'll need to install

1. # Creating a Self-Signed Certificate
2.  
3. ## Prerequisites
4.  
5. - You'll need to install OpenSSL to create and sign certificates.
6. - Linux: `sudo apt-get install openssl`
7. - MacOS: `brew install openssl`
8.  
9. ## Getting Started
10.  
11. 1. Create a root key for your new certificate authority
12. - `openssl genrsa -out root_ca.key 2048`
13.  
14. 2. Use the root key to sign a root certificate
15. - `openssl req -x509 -new -nodes -key root_ca.key -sha256 -days 1024 -out root_ca.pem`
16.  
17. 3. Create a private key
18. - `openssl genrsa -out server.key 2048`
19.  
20. 4. Create a certificate signing request
21. - When prompted, set the Common Name equal to the IP address or domain name at which your certificate will be found
22. - `openssl req -new -key server.key -out server.csr`
23.  
24. 5. Sign the CSR with your root key and root certificate
25. - If you are creating a certificate for an IP address:
26. - `openssl x509 -req -extfile <(printf "subjectAltName=IP:127.0.0.1") -in server.csr -CA root_ca.pem -CAkey root_ca.key -CAcreateserial -out server.crt -days 3650 -sha256`
27.  
28. - If you are creating a certificate for a domain name:
29. - `openssl x509 -req -extfile <(printf "subjectAltName=DNS:example.com") -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 3650 -sha256`