Create a self-signed certificate in one line
$ openssl req -nodes -x509 -newkey rsa:4096 -sha512 -days 365 -keyout cert.key -out cert.pem
Let’s analyze this command:
req: request a new PKCS#10 certificate;-nodes: do not encrypt the private key (no password);-x509: output a self-signed certificate instead of a certificate request;-newkey rsa:4096: create a new certificate request and a new 4096 bits RSA key;-sha512: sign the request with a SHA-512 message digest;-days 365: the certificate will be valid for 365 days;-keyout cert.key: private key filename;-out cert.pem: output filename.