What is a Self-signed Certificate?
A self-signed certificate is an SSL certificate that is signed by the entity it certifies, rather than by a trusted Certificate Authority (CA). It provides the same encryption as a CA-issued certificate but does not provide trust — browsers will show a security warning when they encounter a self-signed certificate.
When to Use Self-signed Certificates
- Local development (localhost)
- Internal services not exposed to the public internet
- Testing SSL/TLS configuration before deploying real certificates
- IoT devices and embedded systems
- Development Docker containers
⚠️ Never use self-signed certificates in production for public-facing websites. Use free certificates from Let's Encrypt instead — they are trusted by all major browsers and auto-renew every 90 days.
Generate with OpenSSL
One-command method (key + certificate together)
openssl req -x509 -newkey rsa:2048 -nodes \
-keyout private.key \
-out cert.pem \
-days 365 \
-subj "/CN=localhost/O=My Dev/C=TH"Two-step method
# Step 1: Generate private key
openssl genrsa -out private.key 2048
# Step 2: Generate certificate
openssl req -x509 -new -nodes \
-key private.key \
-sha256 -days 365 \
-out cert.pem \
-subj "/CN=localhost"Configure in Nginx
server {
listen 443 ssl;
server_name localhost;
ssl_certificate /path/to/cert.pem;
ssl_certificate_key /path/to/private.key;
location / {
# your config
}
}Configure in Node.js
const https = require('https')
const fs = require('fs')
const options = {
cert: fs.readFileSync('./cert.pem'),
key: fs.readFileSync('./private.key')
}
https.createServer(options, (req, res) => {
res.writeHead(200)
res.end('Hello HTTPS!')
}).listen(443)Trust the Certificate in Your Browser
To avoid browser warnings during development, add your self-signed certificate to your system's trusted certificate store:
- macOS: Open Keychain Access → drag cert.pem → set Trust to "Always Trust"
- Windows: Double-click cert.pem → Install Certificate → Trusted Root Certification Authorities
- Chrome/Firefox: Settings → Privacy → Certificates → Import