How to Create a Self-signed SSL Certificate for Local Development

What is a Self-signed Certificate?

A self-signed certificate is an SSL certificate that is signed by the entity it certifies, rather than by a trusted Certificate Authority (CA). It provides the same encryption as a CA-issued certificate but does not provide trust — browsers will show a security warning when they encounter a self-signed certificate.

When to Use Self-signed Certificates

• Local development (localhost)
• Internal services not exposed to the public internet
• Testing SSL/TLS configuration before deploying real certificates
• IoT devices and embedded systems
• Development Docker containers

Generate with OpenSSL

One-command method (key + certificate together)

openssl req -x509 -newkey rsa:2048 -nodes \
  -keyout private.key \
  -out cert.pem \
  -days 365 \
  -subj "/CN=localhost/O=My Dev/C=TH"

Two-step method

# Step 1: Generate private key
openssl genrsa -out private.key 2048

# Step 2: Generate certificate
openssl req -x509 -new -nodes \
  -key private.key \
  -sha256 -days 365 \
  -out cert.pem \
  -subj "/CN=localhost"

Configure in Nginx

server {
  listen 443 ssl;
  server_name localhost;

  ssl_certificate     /path/to/cert.pem;
  ssl_certificate_key /path/to/private.key;

  location / {
    # your config
  }
}

Configure in Node.js

const https = require('https')
const fs = require('fs')

const options = {
  cert: fs.readFileSync('./cert.pem'),
  key: fs.readFileSync('./private.key')
}

https.createServer(options, (req, res) => {
  res.writeHead(200)
  res.end('Hello HTTPS!')
}).listen(443)

Trust the Certificate in Your Browser

To avoid browser warnings during development, add your self-signed certificate to your system's trusted certificate store:

• macOS: Open Keychain Access → drag cert.pem → set Trust to "Always Trust"
• Windows: Double-click cert.pem → Install Certificate → Trusted Root Certification Authorities
• Chrome/Firefox: Settings → Privacy → Certificates → Import