Can I use these for production?

No. Self-signed certificates are for development only. Browsers and clients will warn that the certificate is untrusted because it's not signed by a trusted CA. Use Let's Encrypt (free), Sectigo, DigiCert, or another CA for production HTTPS.

What key type should I use?

ECDSA P-256 is recommended for modern applications — it's faster and smaller while providing 256-bit security. RSA 2048+ for maximum compatibility with older systems.

How do I use the certificate in my web server?

Download the .crt and .key files, then configure your server. For Node.js/Express: load the cert and key with fs and pass to https.createServer(). For nginx: set ssl_certificate and ssl_certificate_key in the server block.

OmniToolsKit

Certificate Generator

Name: Certificate Generator
Rating: 5 (2 reviews)
Author: OmniToolsKit

Generate self-signed X.509 digital certificates for PDF signing, SSL/TLS, and code signing.

Self-signed X.509RSA Key PairsIn-browser OnlyPEM Format

Certificate Configuration

Configure your self-signed certificate parameters

Key Settings

Key Algorithm

Key Size

Valid for (days)

Subject Information

Common Name (CN) *

Organization (O)

Organizational Unit (OU)

Email Address

City (L)

State (ST)

Country (C)

About this tool

Generate self-signed SSL/TLS certificates for HTTPS development, testing, and staging environments. Create certificate signing requests (CSRs) for major CAs like Let's Encrypt, DigiCert, and GoDaddy.

About

Self-Signed Certificates for Development and Testing Environments

A self-signed certificate is an X.509 public-key certificate signed by its own private key, rather than being signed by a trusted certificate authority (CA). Self-signed certificates are useful for development, testing, and staging because they enable HTTPS/TLS encryption without the cost and delay of purchasing a CA-signed certificate.

Browsers and applications warn that self-signed certificates are untrusted (because the issuer is not in the browser's root CA store) — this is expected and correct behavior. You tell your client or application to trust the self-signed certificate for testing only.

For production environments, you must use a CA-signed certificate from a trusted authority. However, for developing with HTTPS locally, testing API endpoints, staging internal applications, or setting up testing infrastructure, self-signed certificates are perfect: they cost nothing, take seconds to generate, and provide real encryption and TLS protocol testing.

OmniToolsKit's certificate generator creates self-signed certificates with configurable subject names (CN, O, C, etc.), key types (RSA 2048/4096 or ECDSA P-256/P-384), and validity periods (1-3650 days). It also generates certificate signing requests (CSRs) for submission to CAs, which is the first step toward obtaining a CA-signed certificate.

Common Use Cases for Self-Signed Certificates

Local HTTPS Development

Generate a certificate with CN=localhost, import it into your development server, and configure your browser to trust it. Test HTTPS, cookies, mixed-content policies, and TLS handshakes in a realistic environment.

Staging and Testing Internal Applications

Issue temporary certificates for staging servers and internal tools running on private networks. Teams can bypass certificate warnings by trusting the cert on development machines.

Certificate Signing Request (CSR) Generation

Create a CSR with your desired subject information and send it to a CA (Let's Encrypt, Sectigo, etc.). The CA signs it and returns a CA-signed certificate, the standard path to production HTTPS.

How to Use

1
Enter Certificate Details
Fill in the subject fields: Common Name (CN, often 'localhost' or your domain), Organization (O), Country (C), State (ST), and City (L). These don't need to match real information for testing.
2
Select Key Algorithm and Size
Choose between RSA (2048-bit or 4096-bit) for broad compatibility, or ECDSA (P-256 or P-384) for modern efficiency. P-256 offers equivalent security to RSA-3072 with smaller keys and faster operations.
3
Set Validity Period and Optional Extensions
Set how many days the certificate is valid (365 days is typical for development). Optionally add Subject Alternative Names (SANs) like '*.localhost' or additional identities, and certificate extensions like BasicConstraints.
4
Download Certificate and Key
Download the certificate (.crt or .pem) and private key (.key) separately. Install them in your web server (nginx, Apache, Node.js) to enable HTTPS. Keep the private key secure and never share it.

Features

Self-Signed Certificate Generation
Generates X.509 v3 certificates signed with your own key, suitable for development, testing, and staging with configurable validity periods and subject fields.
Certificate Signing Requests (CSRs)
Create CSRs for submission to certificate authorities. The CSR contains your public key and requested subject information; the CA verifies ownership and returns a signed certificate.
RSA and ECDSA Key Support
Generate RSA keys (2048/4096-bit) for maximum compatibility or ECDSA keys (P-256/P-384) for modern efficiency. ECDSA certificates are smaller and faster without sacrificing security.
Subject Alternative Names (SAN) and Custom Extensions
Add SANs like *.example.com or additional identities. Include custom X.509 extensions like BasicConstraints for testing intermediate CAs or CRL distribution points.

Frequently Asked Questions

Found this tool useful?

Share your experience and help others discover it.