I'm adding https support to an embedded linux device. I have tried to generate a self-signed certificate with these steps:
openssl req -new > cert.csr openssl rsa -in privkey.pem -out key.pem openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001 cat key.pem>>cert.pem
This works, but I get some errors with, for example, google chrome:
This is probably not the site you are looking for!
The site's security certificate is not trusted!
Am I missing something? Is this the correct way to build a self-signed certificate?
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days XXX
PKCS#10 certificate request and certificate generating utility.
this option outputs a self signed certificate instead of a certificate request. This is typically used to generate a test certificate or a self signed root CA.
this option creates a new certificate request and a new private key. The argument takes one of several forms. rsa:nbits, where nbits is the number of bits, generates an RSA key nbits in size.
this gives the filename to write the newly created private key to.
This specifies the output filename to write to or standard output by default.
when the -x509 option is being used this specifies the number of days to certify the certificate for. The default is 30 days.
if this option is specified then if a private key is created it will not be encrypted.
The documentation is actually more detailed than the above, I just summarized it here.