Self-Signed Certificate

Generate a self-signed X.509 RSA certificate (PEM) for dev / staging.

Common name (CN) Key size Valid days Extra SAN DNS names (comma-separated)

Be careful. The private key is generated on the server. For production use, generate keys on a trusted local machine and never paste real private keys into any web tool.

About this tool

Generate a brand-new RSA private key and self-signed X.509 certificate for any host. Output is PEM-encoded — copy directly into nginx / Apache / Caddy. Production traffic should always use a CA-issued certificate.