OpenSSL certificate and CA for HTTPS

2023-11-10

Self-signed certificate

To generate a self-signed certificate:

openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -noenc -out coffeeNET.crt -keyout coffeeNET.key -subj "/C=US/ST=Illinois/L=Chicago/O=coffeeNET/OU=Homelab/CN=lab.home.arpa"

What these options mean:

  • -newkey rsa:4096: Generates a new certificate request and a 4096-bit RSA key. The default is 2048 if you don't specify.
  • -x509: Specifies that you want to create a self-signed certificate rather than a certificate signing request (CSR).
  • -sha256: Uses SHA-256 (256-bit Secure Hash Algorithm) as the digest for the certificate signature.
  • -days 3650: Sets the validity of the certificate to 3650 days (10 years), but you can adjust this to any positive integer.
  • -noenc: Writes the private key unencrypted, i.e. without a passphrase. Stands for "no encryption" (older OpenSSL versions call this -nodes).
  • -out coffeeNET.crt: Outputs the certificate to a file named coffeeNET.crt.
  • -keyout coffeeNET.key: Outputs the private key to a file named coffeeNET.key.
  • -subj: Provides subject information about the certificate.

    • /C=US is the country code.
    • /ST=Illinois is the state.
    • /L=Chicago is the locality/city.
    • /O=coffeeNET is the organization name.
    • /OU=Homelab is the organizational unit.
    • /CN=lab.home.arpa is the common name, which is often the fully-qualified domain name (FQDN) for the certificate.

Certificate Authority

Create a private key for the CA

This key should be encrypted with AES for security reasons, and you should use a strong password of 20+ characters.

openssl genrsa -aes256 -out coffeeNET-RootCA.key 4096

Create the CA certificate

We use the private key we've just created. Use the same subject information as above. Because the key is AES-encrypted, openssl will prompt for its passphrase.

openssl req -x509 -new -noenc -key coffeeNET-RootCA.key -sha256 -days 1826 -out coffeeNET-RootCA.crt -subj "/C=US/ST=Illinois/L=Chicago/O=coffeeNET/OU=Homelab/CN=lab.home.arpa"

Add the CA certificate to the trusted root certificates on the client

sudo cp coffeeNET-RootCA.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

These steps establish your own CA, after which you can sign certificates with it to be recognized as valid within your network or organization. (The trust-store path and update-ca-trust command above are the Fedora/RHEL ones; Debian-based systems use /usr/local/share/ca-certificates/ and update-ca-certificates.)
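The signing step the post leaves implicit, as an added example that is not part of the original post: issue a server certificate for lab.home.arpa with a throwaway CA built the same way as above, then verify the chain and the hostname the way a client would. It assumes an openssl binary (1.1.1 or 3.x) on PATH and generates its own unencrypted demo CA key so it runs non-interactively (with the post's AES-encrypted CA key, openssl would prompt for the passphrase). It gives the server certificate a subjectAltName, which browsers require; CN alone is not enough.

```shell
#!/bin/sh
# Added example, not from the original post: sign a server certificate with a
# coffeeNET-style root CA and check it. Assumes `openssl` on PATH; the CA and
# key are throwaway ones generated here (unencrypted, for non-interactive use).
set -eu

# Extension profiles for the CA and the server cert. Browsers match names
# against subjectAltName, not CN, so the server profile always carries one.
write_config() {  # $1 = config path, $2 = hostname for the SAN
  cat > "$1" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[ v3_server ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$2
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid,issuer
EOF
}

# Build CA + server cert in directory $1 for hostname $2; returns 0 only if
# the issued certificate chains to the CA (what /etc/pki trust would check).
issue_server_cert() {
  dir=$1; host=$2; cnf="$dir/demo.cnf"
  write_config "$cnf" "$host"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/ca.key" 2>/dev/null
  openssl req -x509 -new -key "$dir/ca.key" -sha256 -days 1826 -config "$cnf" -extensions v3_ca \
    -subj "/O=coffeeNET/OU=Homelab/CN=coffeeNET Demo Root CA" -out "$dir/ca.crt"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/server.key" 2>/dev/null
  openssl req -new -key "$dir/server.key" -config "$cnf" -subj "/O=coffeeNET/CN=$host" -out "$dir/server.csr"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 397 -sha256 -extfile "$cnf" -extensions v3_server -out "$dir/server.crt" 2>/dev/null
  openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null
}

# Returns 0 if the issued cert is valid for name $2, non-zero otherwise
# (the hostname check a browser performs against the SAN).
hostname_matches() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}
```

Run it as `d=$(mktemp -d); issue_server_cert "$d" lab.home.arpa && hostname_matches "$d" lab.home.arpa`; a different name, e.g. other.home.arpa, makes hostname_matches fail even though the chain itself is valid.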
