Generate self-signed certificate with OpenSSL
OpenSSL is a command line interface that you can use to generate an RSA private key and certificate. Use OpenSSL to generate a private key and certificate.
To create a self-signed certificate:
- Create a folder to hold the certificate:
$ mkdir certificates 
- Change the current directory to the certificates folder
$ cd certificates 
- In the certificates folder, specify a password and generate an RSA private key. Replace <your_password> with your own password.
openssl genrsa -des3 -passout pass:<your_password_here> -out server.pass.key 2048
- Create a key file from the server.pass.keyfile, using the password that you just created:openssl rsa -passin pass:<your_password_here> -in server.pass.key -out server.keyNotes:- The Unified Experience integration requires a private key in the traditional PKCS#1 RSA format for compatibility with the integration’s secure connection handling. PKCS#8 RSA format is not compatible with the integration.
- If you add the -traditionalflag to the above command, the key is saved in the PKCS#1 format as required.
 
- Delete the server.pass.keyfile:rm server.pass.key
- Request and generate the certificate:
openssl req -new -key server.key -out server.csr
- Enter the requested information. Press Enter when prompted to challenge the password. To skip entering a company name, enter a period (.).
- Generate the SSL certificate:
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
The output of the SSL certificate is the server.crt file which contains the self-signed certificate in PEM format. The certificate includes the public key and other details such as, the issuer, validity period and the signature. Use the certificate when you create the certificate in ServiceNow. For more information, see Create a certificate in ServiceNow.
[NEXT] Was this article helpful?
Get user feedback about articles.