How to create a self-signed or trusted third-party certificate with openssl

This document (7023144) is provided subject to the disclaimer at the end of this document.


SUSE Linux Enterprise Server 11




How to generate a self-signed or trusted third-party certificate using openssl:
  1. Generate a Private Key by following the steps below from a terminal window:
    • openssl genrsa -des3 -out server.key 2048
    • Type the pass phrase to protect the key and press [Enter]
    • Re-enter the pass phrase.
  2. Generate a Certificate Signing Request by following the steps below:
    • openssl req -new -key server.key -out server.csr
    • Enter the pass phrase of the private key created in Step 1.
    • Fill in the Country Name, State or Province Name, Locality Name, Organization Name, Organizational Unit Name, Common Name, Email Address.
      Note: The Common Name should be the DNS name of the server (i.e.
    • When asked for a Challenge password and optional company name, leave it blank.
  3. To sign the certificate, please select from the following options:
    • (Trusted 3rd-party Certificate Authority) Send the Certificate-Signing Request (CSR) to the third party for their signing. The following files should be received:
      • Server certificate (public key)
      • Intermediate CA and/or bundles that chain to the Trusted Root CA
    • (Self-signed) Sign the certificate with openssl:
      • openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt
        Note: Increase or decrease 730 as needed. This is the number of days the certificate is valid for.
      • Enter the pass phrase of the Private Key. This is the same pass phrase that was entered in Step 1.
  4. (optional) If needed, create a concatenated PEM file:
    TID 7013103 - How to create a .pem File for SSL Certificate Installations
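
The self-signed path of steps 1 to 3, run non-interactively and followed by checks that the key, CSR and certificate belong together. This is an added example, not part of the SUSE document. The function names, the host name `server.example.com`, the pass phrase and the `pass.txt` file are constructed for illustration, and it assumes OpenSSL 1.0.0 or later for the `pkey` subcommand.

```shell
#!/bin/sh
# Added example (not from the SUSE article): steps 1-3, self-signed path,
# run non-interactively, followed by consistency checks on the result.
# The pass phrase, host name and scratch directory are constructed values.

make_selfsigned() {   # $1 = directory, $2 = Common Name, $3 = days valid
    ( cd "$1" || exit 1
      umask 077       # key, CSR and pass phrase file are owner-only
      printf '%s\n' 'constructed-pass-phrase' > pass.txt
      openssl genrsa -des3 -passout file:pass.txt -out server.key 2048 2>/dev/null &&
      openssl req -new -key server.key -passin file:pass.txt \
              -subj "/CN=$2" -out server.csr &&
      openssl x509 -req -days "$3" -in server.csr -signkey server.key \
              -passin file:pass.txt -out server.crt 2>/dev/null )
}

pubkey_digest() {     # $1 = key|csr|crt, $2 = file, $3 = pass phrase file (key only)
    pem=$(case $1 in
        (key) openssl pkey -in "$2" -passin "file:$3" -pubout ;;
        (csr) openssl req  -in "$2" -noout -pubkey ;;
        (crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

check_set() {         # $1 = directory, $2 = minimum days of validity left
    k=$(pubkey_digest key "$1/server.key" "$1/pass.txt") ||
        { echo "cannot read private key"; return 1; }
    [ "$k" = "$(pubkey_digest csr "$1/server.csr")" ] &&
    [ "$k" = "$(pubkey_digest crt "$1/server.crt")" ] ||
        { echo "key, CSR and certificate do not share one public key"; return 1; }
    s=$(openssl x509 -in "$1/server.crt" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1/server.crt" -noout -issuer  | sed 's/^issuer= *//')
    [ "$s" = "$i" ] || { echo "not self-signed: issuer differs"; return 1; }
    openssl x509 -in "$1/server.crt" -noout -checkend $(( $2 * 86400 )) >/dev/null ||
        { echo "certificate expires within $2 days"; return 1; }
    [ "$(ls -l "$1/server.key" | cut -c5-10)" = "------" ] ||
        { echo "server.key is readable by group or others"; return 1; }
    echo "OK: $s"
}

work=$(mktemp -d)
make_selfsigned "$work" server.example.com 730 && check_set "$work" 700
```

The pass phrase file exists only so the commands run unattended; when following the steps by hand, the pass phrase is typed at the prompt as described above.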

Additional Information

TID 7015502 - Common Mistakes in SSL Certificate Management & Implementation.
TID 7013103 - How to create a .pem File for SSL Certificate Installations.


This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7023144
  • Creation Date: 02-Jul-2018
  • Modified Date: 15-Sep-2020
    • SUSE Linux Enterprise Server
