# Generating a self-signed cert with openssl that works in Chrome 58

To create a self-signed certificate that works with Chrome 58 using OpenSSL, you can follow these steps:

1. Generate a private key:
    
    Use the following command to generate a private key. This example uses a 2048-bit RSA key:
    
    ```bash
    openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:2048
    
    ```
    
2. Create a Certificate Signing Request (CSR):
    
    Generate a CSR using the private key created in the previous step:
    
    ```bash
    openssl req -new -key key.pem -out csr.pem
    
    ```
    
    During the process, you'll be prompted to enter information like country, state, organization, etc. For a self-signed certificate, you can use dummy data.
    
3. Generate a Self-Signed Certificate:
    
    Create a self-signed certificate using the CSR:
    
    ```bash
    openssl x509 -req -in csr.pem -signkey key.pem -out cert.pem -days 365
    
    ```
    
    Adjust the `-days` parameter to set the validity period of the certificate. The example uses 365 days.
    
4. Combine the Certificate and Key:
    
    Create a combined file containing the certificate and the private key:
    
    ```bash
    cat key.pem cert.pem > ssl_certificate.pem
    
    ```
    

This creates a self-signed certificate that should be compatible with Chrome 58. However, note that self-signed certificates are inherently less secure than those signed by a trusted Certificate Authority (CA) and might prompt security warnings in browsers.

To use the generated certificate in a web server, replace the SSL configuration with the generated `ssl_certificate.pem` file.

Remember, if you're dealing with a production environment or public-facing website, it's highly recommended to use a certificate signed by a trusted CA to avoid security warnings and ensure a secure connection for your users.