Create Self-Signed certificate by one line command with openssl

How to create Self-Signed certificate by one line command with openssl

Behold

openssl req -newkey rsa:2048 -keyout domain.key -x509 -days 365 -out domain.crt -nodes -subj "/CN=example.com" -addext "subjectAltName = DNS:example.com"

Output

Generating a RSA private key
...........................................................................+++++
...+++++

Result

bob@computer> ls
domain.crt  domain.key

bob@computer>openssl x509 -noout -text -in domain.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            56:f5:31:98:05:08:4e:96:ec:a9:d1:2c:a8:f6:95:36:cf:7c:6a:a8
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=example.com
        Validity
            Not Before: Dec 13 09:52:23 2025 GMT
            Not After : Dec 13 09:52:23 2026 GMT
        Subject: CN=example.com
 --- snip ---
         X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:C6:23:DD:86:24:67:DE:D8:03:63:8F:2C:B5:AE:63:C6:9F:64:51
            X509v3 Authority Key Identifier:
                39:C6:23:DD:86:24:67:DE:D8:03:63:8F:2C:B5:AE:63:C6:9F:64:51
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Alternative Name:
                DNS:example.com

Kudos to baeldung Creating a Self-Signed Certificate With OpenSSL and 425nesp How do I use SANs with openSSL instead of common name?

This post was updated 13/12/2025. I added info on SANs handling.