Generate self-signed certificate with OpenSSL

OpenSSL is a command line interface that you can use to generate an RSA private key and certificate. Use OpenSSL to generate a private key and certificate.

To create a self-signed certificate:

1. Create a folder to hold the certificate:

   $ mkdir certificates

2. Change the current directory to the certificates folder

   $ cd certificates

3. In the certificates folder, specify a password and generate an RSA private key. Replace <your_password> with your own password.

   openssl genrsa -des3 -passout pass:<your_password_here> -out server.pass.key 2048

4. Create a key file from the server.pass.key file, using the password that you just created:

   openssl rsa -passin pass:<your_password_here> -in server.pass.key -out server.key

5. Delete the server.pass.key file:

   rm server.pass.key

6. Request and generate the certificate:

   openssl req -new -key server.key -out server.csr

7. Enter the requested information. Press Enter when prompted to challenge the password. To skip entering a company name, enter a period (.).
8. Generate the SSL certificate:

   openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

The output of the SSL certificate is the server.crt file which contains the self-signed certificate in PEM format. The certificate includes the public key and other details such as, the issuer, validity period and the signature. Use the certificate when you create the certificate in ServiceNow. For more information, see Create a certificate in ServiceNow.