Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
OpenSSL Generate 4096-bit Certificate (Public/Private Key Encryption) with SHA256 Fingerprint
# Generate Private Key and Certificate using RSA 256 encryption (4096-bit key)
openssl req -x509 -newkey rsa:4096 -keyout privatekey.pem -out certificate.pem -days 365
# Alternatively, setting the "-newkey" parameter to "rsa:2048" will generate a 2048-bit key.
# Generate PKCS#12 (P12) file for cert; combines both key and certificate together
openssl pkcs12 -export -inkey privatekey.pem -in certificate.pem -out cert.pfx
# Generate SHA256 Fingerprint for Certificate and export to a file
openssl x509 -noout -fingerprint -sha256 -inform pem -in certificate.pem >> fingerprint.txt
# Generate SHA1 Fingerprint for Certificate and export to a file
#openssl x509 -noout -fingerprint -sha1 -inform pem -in certificate.pem >> fingerprint.txt
# FYI, it's best practice to use SHA256 instead of SHA1 for better security, but this shows how to do it if you REALLY need to.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.