Search 110+ free tools… (e.g. json, vpn, password) ⌘K
Link Tools Dereferer Hide Referrer Link URL Shortener Affiliate Cloaker PayPal Links PayPal DonationPayPal Links Privacy Tools Password Generator Cloudflare Resolver My Referrer Torrent Tools Magnet → Torrent Torrent → Magnet Torrent Editor Pirate Bay Proxies Movierulz Proxies ExtraTorrent Proxies Dev Tools Base64 Encoder Hash Generator HTTP Headers Disposable Email Checker Company Blog About Us Contact Anonymize Free
Tutorials

How to Generate a Self-Signed SSL Certificate (Free, Online)

JAY
Author
May 29, 2026 ·2 min read ·3 views
How to Generate a Self-Signed SSL Certificate (Free, Online)

Need HTTPS for localhost or an internal service? Here is how to generate a self-signed SSL certificate in seconds — online, with OpenSSL or with mkcert for local development.

If you are developing locally or running an internal service that needs HTTPS, a self-signed SSL certificate is the fastest solution. Unlike certificates from a Certificate Authority (CA), self-signed certs can be generated instantly for free — but browsers will show a warning for public-facing sites, which is why they are only suitable for development and internal use.

Option 1: Generate Online (No Tools Required)

The fastest approach is our free SSL Certificate Generator. Fill in your domain (localhost, an IP address or internal hostname), organisation details and validity period, then click Generate. You get a certificate and private key ready to paste into your server config or download as PEM files.

The generation uses the Web Crypto API and runs entirely in your browser — the private key is never transmitted to our servers.

Option 2: Generate with OpenSSL (Command Line)

If you have OpenSSL installed (standard on macOS and Linux, available on Windows via WSL or Git Bash), a single command generates a certificate and key:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes -subj "/C=US/O=Dev/CN=localhost"

For a certificate with Subject Alternative Names (required by modern browsers), use:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 3650 -nodes   -subj "/CN=localhost"   -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"

Option 3: mkcert for Local Development

mkcert is a tool that generates locally-trusted certificates — no browser warning — by creating a local CA and adding it to your system trust store. Install with:

brew install mkcert    # macOS
mkcert -install
mkcert localhost 127.0.0.1 ::1

This creates localhost+2.pem and localhost+2-key.pem, trusted by Chrome, Firefox and Safari without any security warnings. This is the recommended approach for local development.

Using the Certificate

Nginx:

ssl_certificate     /path/to/cert.pem;
ssl_certificate_key /path/to/key.pem;

Apache:

SSLCertificateFile    /path/to/cert.pem
SSLCertificateKeyFile /path/to/key.pem

Node.js:

const https = require('https');
const fs = require('fs');
https.createServer({
  key: fs.readFileSync('key.pem'),
  cert: fs.readFileSync('cert.pem')
}, app).listen(443);

For Production Sites: Use Let's Encrypt Instead

Self-signed certificates are not suitable for public websites — all visitors will see a browser security warning. For production, use Let's Encrypt via Certbot, which provides free, automatically-renewing, CA-trusted certificates in minutes.

After setting up any SSL certificate, verify it is working correctly with our SSL Certificate Checker.

# Tutorials
Share on X
Rate this article
Your rating is stored anonymously. You can rate once per post.
Written by
JAY
Writer at Anonymiz

Related Articles

HTTP Security Headers: The Complete Guide to Grades A Through F
May 29, 2026 · JAY
Meta Tags Explained: How to Check and Fix Your OG Tags for Social Sharing
May 28, 2026 · JAY
How AI Website Builders Are Detected (And What They Leave Behind)
May 28, 2026 · JAY
← Back to Blog
Done!