sslfie: generate your own certificates

security_compCertificates are an important player in identity authentication of websites. How do you generate a certificate-key pair for your website easily? sslfie is a smart bash script to generate self-signed x.509 certificates for use with SSL/TLS. It uses SSL commands in the background but hides the complexity and steps from the user.


  • Supports multiple domain names in one cert with the SubjectAltName field
  • Trivial to automate — the only required argument is a domain name
  • Automatically set modern options by default (-sha256, -utf8)
  • Easy to install .deb and .rpm packages


Though the author provides deb and rpm packages, the easiest way to install sslfie is to download the script:

$ curl -O
$ chmod +x sslfie


List of options:

$ ./sslfie -help
Usage: sslfie [OPTION]... DOMAIN [DOMAIN2]...
Generate a self-signed x.509 certificate for use with SSL/TLS.
 -o PATH -- output the cert to a file at PATH
 -k PATH -- output the key to a file at PATH
 -K PATH -- sign key at PATH (instead of generating a new one)
 -c CC -- country code listed in the cert (default: XX)
 -s SIZE -- generate a key of size SIZE (default: 2048)
 -y N -- expire cert after N years (default: 10)

Example usage:

$ ./sslfie -c US -o tuxdiary.crt -k tuxdiary.key

Verify the certificate:

$ openssl x509 -in tuxdiary.crt -noout -text

On GitHub: sslfie

One thought on “sslfie: generate your own certificates”

Leave a Reply

Your email address will not be published. Required fields are marked *