SSL Certificate OpenSSL


Someday you may need to get the SSL certificate of a website and save it locally.

For example, you could get an error saying that you can’t clone a Git repository due to a self-signed certificate and to resolve this issue you would need to download the SSL certificate and make it trusted by your Git client.

In the following article I show how to export the SSL certificate from a server (site URL) using the Google Chrome, Mozilla Firefox and Internet Explorer browsers, as well as how to get the SSL certificate from the command line using the openssl command.

Jun 03, 2020: The command below generates a private key and certificate.

    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:4096 -keyout private.key -out certificate.crt

Let's break down the various parameters to understand what is happening. req - Command passed to OpenSSL intended for creating and processing certificate requests, usually in the PKCS#10 format.

If you would like to use an SSL certificate to secure a service but you do not require a CA-signed certificate, a valid (and free) solution is to sign your own certificates. A common type of certificate that you can issue yourself is a self-signed certificate. A self-signed certificate is a certificate that is signed with its own private key.

Next, you'll create a server certificate using OpenSSL.

Create the certificate's key. Use the following command to generate the key for the server certificate.

    openssl ecparam -out fabrikam.key -name prime256v1 -genkey

Create the CSR (Certificate Signing Request). The CSR is a public key that is given to a CA when requesting a certificate.

Export SSL Certificate

Google Chrome


Export the SSL certificate of a website using Google Chrome:

  1. Click the Secure button (a padlock) in the address bar
  2. Click the Show certificate button
  3. Go to the Details tab
  4. Click the Export button
  5. Specify the name of the file you want to save the SSL certificate to, keep the “Base64-encoded ASCII, single certificate” format and click the Save button

Mozilla Firefox

Export the SSL certificate of a website using Mozilla Firefox:

  1. Click the Site Identity button (a padlock) in the address bar
  2. Click the Show connection details arrow
  3. Click the More Information button
  4. Click the View Certificate button
  5. Go to the Details tab
  6. Click the Export button
  7. Specify the name of the file you want to save the SSL certificate to, keep the “X.509 Certificate (PEM)” format and click the Save button

Internet Explorer

Download and save the SSL certificate of a website using Internet Explorer:

  1. Click the Security report button (a padlock) in the address bar
  2. Click the View Certificate button
  3. Go to the Details tab
  4. Click the Copy to File... button
  5. Click the Next button
  6. Select the “Base-64 encoded X.509 (.CER)” format and click the Next button
  7. Specify the name of the file you want to save the SSL certificate to
  8. Click the Next and the Finish buttons


Get the SSL certificate of a website using the openssl command:

Short explanation:

  -connect HOST:PORT    The host and port to connect to
  -servername NAME      The TLS SNI (Server Name Indication) extension (website)
  certificate.crt       Save SSL certificate to this file
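
One way to do this from a script, as an added example rather than the article's own command: it uses the -connect and -servername options and the certificate.crt file described above, and the function names are made up for illustration. The SHA-256 fingerprint it prints is meant to be compared with one obtained from the server's operator before the saved certificate is marked as trusted.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are
# illustrative; HOST, PORT and NAME are supplied by the caller.

# Print only the first PEM certificate (the server's own) found on stdin.
extract_leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Connect to HOST:PORT, send NAME as the SNI value, print the certificate.
# s_client prints the certificate even when it cannot be verified, which is
# why the result must be checked before it is trusted.
fetch_cert() {
    host=$1; port=${2:-443}; name=${3:-$1}
    openssl s_client -connect "$host:$port" -servername "$name" \
        </dev/null 2>/dev/null | extract_leaf_pem
}

# SHA-256 fingerprint of a saved certificate file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Usage: sh fetch_cert.sh HOST [PORT] [NAME]
if [ "$#" -ge 1 ]; then
    fetch_cert "$@" > certificate.crt
    if [ -s certificate.crt ]; then
        cert_fingerprint certificate.crt
    else
        echo "no certificate received from $1" >&2
        exit 1
    fi
fi
```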


Ideally, SSL certificates are issued by publicly trusted certificate authorities (e.g. Let’s Encrypt, Comodo, Verisign) to provide authentication and encryption on the internet. However, you could obtain an SSL certificate without going through a third-party certificate authority — this is what is referred to as a self-signed certificate.

This tutorial describes how to generate a self-signed SSL certificate by using OpenSSL in Linux. OpenSSL is an open-source software library used to implement secure communications on the Internet.

How to Install OpenSSL in Linux

OpenSSL comes preinstalled on major Linux distributions and you can confirm that OpenSSL is installed on your Linux machine using the following command.

You should see an output with OpenSSL version info similar to what is shown in the figure below. I am using Ubuntu Linux 20.04.

If OpenSSL is not installed, you can run the following command to install OpenSSL in Linux.

Generate Self-Signed SSL Certificates using OpenSSL

Once you have confirmed that the openssl tool is installed, you are now ready to generate your self-signed certificate as follows.

Generate OpenSSL Private Key

Firstly, run the command below to generate and save your private key which will be used to sign the SSL certificate. You can use anything in place of ubuntu_server.

Your private key will be saved in the current working directory.

Generate Certificate Signing Request

Next, generate a Certificate Signing Request (CSR) with the following command. Note that you would need to specify the correct name of the private key which you generated earlier.

During the process of generating a CSR, you would be prompted to provide some information that will be associated with your certificate signing request. The CSR will be saved in the current working directory.

Note: You may leave some fields blank. For example, the fields under ‘extra’ attributes may be left blank by hitting enter on the keyboard.

After the CSR completes successfully, you are ready to sign your certificate by yourself.

Self-Sign Your Certificate

Run the command below to request a self-signed certificate which will be valid for 365 days. The x509 option refers to the X.509 international standard for creating and verifying public key certificates. Remember to replace ubuntu_server as appropriate.

Your self-signed certificate will be saved in the current working directory and you can confirm by running the ls command.

Also, you can review the certificate details with the following command.

At this point, your self-signed certificate is ready to be deployed to your web apps or sites.
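
The three steps above (private key, CSR, self-signing) as one non-interactive script, given as an added example that is not the tutorial's own commands. The ubuntu_server prefix comes from the text; the host name, the subjectAltName extension file and the key-match check are assumptions added here.

```shell
#!/bin/sh
# Added example (not from the original tutorial). The host name passed as
# the second argument is a placeholder chosen by the caller.

# Key -> CSR -> self-signed certificate, without interactive prompts.
make_self_signed() {
    name=$1; cn=$2; bits=${3:-2048}

    # 1. Private key, created readable by the owner only.
    ( umask 077 && openssl genrsa -out "$name.key" "$bits" 2>/dev/null ) || return 1

    # 2. CSR; -subj supplies the subject instead of the prompts.
    openssl req -new -key "$name.key" -subj "/CN=$cn" -out "$name.csr" || return 1

    # 3. Sign the CSR with the same key, valid for 365 days. The extension
    #    file adds a subjectAltName, which current TLS clients match host
    #    names against.
    printf 'subjectAltName=DNS:%s\n' "$cn" > "$name.ext"
    openssl x509 -req -in "$name.csr" -signkey "$name.key" -days 365 \
        -sha256 -extfile "$name.ext" -out "$name.crt" 2>/dev/null
}

# Succeeds only when the certificate carries the public key of the key file.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -pubkey -noout) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ]
}

# Usage: sh selfsign.sh ubuntu_server ubuntu-server.internal
if [ "$#" -ge 2 ]; then
    make_self_signed "$1" "$2" && cert_matches_key "$1.crt" "$1.key" &&
        openssl x509 -in "$1.crt" -noout -subject -dates -fingerprint -sha256
fi
```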


In this guide, we described how to generate self-signed SSL certificates with the openssl tool in Linux. Do note that self-signed certificates are considered insecure by all major web browsers. Therefore, you should probably only use such certificates internally or for testing and development purposes.