Hi Manoj,

if you want to generate just one self-signed certificate, this would be the easiest:

# generate key and self-signed cert with one command
openssl req -x509 -nodes -days 3650 \
  -subj '/C=DE/ST=some-state/L=somewhere/CN=example.com' \
  -newkey rsa:1024 -keyout key.pem -out cert.pem

# verify it "against itself"
openssl verify -CAfile cert.pem cert.pem

Is this what you are looking for?

However, if you want to use the demoCA built in with openssl (which is a strange approach for generating self-signed certificates), it would look like this:

# first generate a key
openssl genrsa -out key.pem 2048

# generate a request with this key
openssl req -new -key key.pem \
  -subj '/C=DE/ST=some-state/L=somewhere/O=Test/CN=example.com' \
  -out req.pem

# create the directory structures needed (see your openssl.cnf)
mkdir -p ./demoCA/newcerts
touch ./demoCA/index.txt
echo 00 > ./demoCA/serial

# issue a self-signed certificate
openssl ca -in req.pem -keyfile key.pem -selfsign -out file.pem

# verify it
openssl verify -CAfile file.pem file.pem

# or you could have a look at the one which ends up in the
# directory where newly issued certificates are stored
openssl verify -CAfile file.pem demoCA/newcerts/00.pem

# look at the file in text form, just to complete the list
# of widely used commands :-)
openssl x509 -in file.pem -noout -text

PS: I have tested this with OpenSSL 0.9.8k in Ubuntu 10.04 LTS.

best regards,
Martin

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
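A scripted check of the result of the one-command form above, as an added example that is not part of the original message: it confirms that subject and issuer match, that the certificate verifies against itself, and that the RSA key meets a minimum size. The function names, the directory layout and the minimum-size parameter are assumptions made for this example.

```shell
#!/bin/sh
# Added example: function names, paths and thresholds are assumptions.

# make_selfsigned DIR CN BITS: the one-command form from the message,
# with the common name and RSA size as parameters.
make_selfsigned() {
    openssl req -x509 -nodes -days 3650 \
        -subj "/C=DE/ST=some-state/L=somewhere/CN=$2" \
        -newkey "rsa:$3" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# key_bits CERT: print the public key size in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# verifies_against CAFILE CERT: true if CERT verifies with CAFILE as the
# only trust anchor. Matches the "OK" line rather than relying on the
# exit status alone.
verifies_against() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# check_selfsigned CERT MINBITS: subject equals issuer, the signature
# verifies against the certificate itself, and the key is large enough.
check_selfsigned() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || { echo "issuer differs from subject"; return 1; }
    verifies_against "$1" "$1" || { echo "self-verification failed"; return 1; }
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge "$2" ] || { echo "key too small: $bits bits"; return 1; }
    echo "ok: self-signed, $bits-bit key"
}
```

Calling `check_selfsigned cert.pem 2048` on a certificate made with `-newkey rsa:1024` reports the key as too small, while the subject/issuer and self-verification checks still pass.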