Free Self-Signed SSL Certificate Generator

Generate a Certificate

Enter the domain name or IP address

Common Name

Subject Alternative Names

Additional domain names or IPs, one per line. Common Name is included automatically.

Optional Details

All fields below are optional. Defaults will be used if left empty.

Key Type

Validity (days)

Country

State / Province

City

Organization

Org Unit

Output Format

ZIP (PEM files)

PFX (PKCS#12)

Frequently Asked Questions

What is a self-signed certificate?

A self-signed certificate is an SSL/TLS certificate that is signed by its own creator rather than a trusted Certificate Authority (CA). It provides the same encryption as a CA-signed certificate, but browsers will show a warning because the identity hasn't been verified by a third party. They are ideal for development, testing, internal tools, and learning.

What key types are supported?

Certificate Depot supports RSA keys (2048-bit and 4096-bit) and ECDSA keys (P-256 and P-384 curves). RSA 2048 is the most widely compatible option. ECDSA keys are smaller and faster, making them a good choice for modern systems. All keys are generated using cryptographically secure random number generation.

What are Subject Alternative Names (SANs)?

SANs allow a single certificate to cover multiple domain names and IP addresses. For example, you can create one certificate for example.com, www.example.com, and *.example.com. Modern browsers require SANs and ignore the Common Name field for validation, so adding SANs is highly recommended.

What is the difference between ZIP and PFX download?

ZIP contains two separate PEM files: the certificate and the private key. This is the most common format for Apache, Nginx, and most Linux-based servers. PFX (also called PKCS#12) bundles the certificate and private key into a single password-protected file. This format is commonly used with IIS, Windows, and Java applications.

Is it safe to generate certificates here?

Certificates are generated in memory on the server and streamed directly to your browser. No private keys are stored or logged. However, since the private key is generated server-side, you should only use certificates from this tool for development and testing purposes. For production use, generate certificates locally using tools like OpenSSL or obtain them from a trusted Certificate Authority.

How do I install the certificate?

Nginx: Point ssl_certificate to certificate.pem and ssl_certificate_key to private-key.pem.
Apache: Use SSLCertificateFile and SSLCertificateKeyFile directives.
Node.js: Pass the PEM files to https.createServer() options.
Windows/IIS: Import the PFX file through IIS Manager or the certificate MMC snap-in.