Create Self-Signed SSL Certificates in Your Browser Generate self-signed SSL/TLS certificates for development.
Self-Signed Certificate Generator
Generate self-signed SSL/TLS certificates for development.
Enter domain and settings
Type your domain (e.g. localhost), choose validity period, and key size (2048 or 4096 bits).
Generate certificate
Click Generate to create the cert and private key in PEM format.
Copy or download
Copy PEM outputs or download the cert and key files for your server config.
What Is Self-Signed Certificate Generator?
A Self-Signed Certificate Generator is a tool that creates self-signed certificates, which are signed by the creator rather than a trusted Certificate Authority (CA). Developers use it to generate dev certificates for testing and development purposes, such as creating a localhost cert for local server testing. One specific problem it solves is the need for a quick and easy way to create an SSL certificate for internal development, without having to go through the process of obtaining a certificate from a CA.
The tool generates an RSA key pair with configurable validity periods, allowing developers to specify the number of days the certificate should be valid. It also allows for adjustable key sizes, such as 2048 or 4096 bits, providing more flexibility in terms of security and compatibility. This makes it different from other tools that may have fixed settings or require manual configuration.
It includes features like automatic formatting of the generated certificate and private key into PEM format, making it easy to copy and paste into development environments. For example, the tool can generate a self-signed cert with a validity period of 365 days, which can then be used as a localhost cert for local server testing. After generation, the certificate and private key can be easily copied to the clipboard, streamlining the process of creating and using a dev certificate.
Why Use Self-Signed Certificate Generator?
-
Quick dev certs
-
Configurable validity
-
Cert and key together
-
100% client-side
Common Use Cases
Local development
Enable HTTPS on localhost for web apps and APIs.
SSL/TLS testing
Verify server configs, TLS versions, or client certificate handling.
Internal services
Encrypt traffic between internal tools without a public CA.
Learning
Understand certificate structure and PEM format.
Technical Guide
The tool uses the Web Cryptography API to generate an RSA key pair, specifically utilizing the RSASSA-PKCS1-v1_5 algorithm with a SHA-256 hash function. This is achieved through the `crypto.subtle.generateKey` method, which takes in parameters such as the algorithm name, modulus length, and public exponent. The generated key pair consists of a private key in PKCS#8 format and a public key in SPKI (Subject Public Key Information) format. To create the certificate, it constructs an info string containing details like subject, issuer, validity dates, and the base64-encoded public key.
The `ab2b64` function is used to convert the ArrayBuffer representation of the public key into a base64-encoded string, which is then formatted according to the PEM (Privacy-Enhanced Mail) standard. The `fmtPem` function takes in this base64 string and wraps it in the necessary headers and footers to create a valid PEM-formatted certificate or private key. For example, when generating a certificate with a subject CN set to "localhost", the tool will produce a PEM-formatted certificate containing lines like "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----". The same process is applied to the private key, resulting in a PEM-formatted private key that can be easily copied and used in development environments.
The validity period of the generated certificate is determined by the number of days specified by the user, with a default value of 365 days. This period is calculated using JavaScript's Date object, which provides methods for manipulating dates and times. The resulting certificate contains the validity start and end dates in ISO format, as required by the PEM standard. Upon generation, both the certificate and private key are displayed in text areas, allowing users to easily copy them to the clipboard using the `copyToClipboard` function from the `@/lib/utils` module.
In terms of security, the tool's use of RSASSA-PKCS1-v1_5 with SHA-256 provides a secure method for generating digital signatures. The adjustable key sizes of 2048 or 4096 bits also allow developers to balance security and compatibility according to their needs. Overall, the combination of Web Cryptography API, PEM formatting, and JavaScript date manipulation enables the tool to generate self-signed certificates that meet common development requirements.
Tips & Best Practices
-
1Use for local dev only—never use self-signed certs in production.
-
2Let's Encrypt or a trusted CA for production sites.
-
3365-day validity is common for development.
-
4Keep the private key secure and never share it.
Related Tools
RSA Key Generator
Generate RSA key pairs using the Web Crypto API.
🔐 Encoding & Crypto
SSH Key Generator
Generate RSA and ECDSA key pairs for SSH authentication.
🔐 Encoding & Crypto
CSR Generator
Generate Certificate Signing Requests with RSA key pairs.
🔐 Encoding & Crypto
PEM/DER Converter
Convert between PEM and DER certificate/key formats.
🔐 Encoding & CryptoFrequently Asked Questions
Q Is the self-signed certificate generator free?
Q Will browsers trust my self-signed cert?
Q Is my private key safe?
Q Can I use this for production?
Q What key sizes are supported?
About This Tool
Self-Signed Certificate Generator is a free online tool by FreeToolkit.ai. All processing happens directly in your browser — your data never leaves your device. No registration or installation required.