GenerateSelfSignedCertificate()
Generates a self-signed SSL/TLS certificate.
Useful for development, testing, and internal services where you don't need a Certificate Authority.
Requires Extension: Crypto Extension
GenerateSelfSignedCertificate( privateKey=any, publicKey=any, keyPair=struct, subject=string, validityDays=numeric, algorithm=string );
Returns: String
| Argument | Description | Default |
|---|---|---|
|
privateKey
any,
optional
|
edit
Private key (PEM string or Java object). Provide either privateKey+publicKey OR keyPair. |
|
|
publicKey
any,
optional
|
edit
Public key (PEM string or Java object). Provide either privateKey+publicKey OR keyPair. |
|
|
keyPair
struct,
optional
|
edit
Struct with 'private' and 'public' keys (from GenerateKeyPair or Lucee's built-in GenerateRSAKeys). Provide either keyPair OR privateKey+publicKey. |
|
|
subject
string,
required
|
edit
X.500 distinguished name (e.g., CN=localhost, O=My Company, C=AU) |
|
|
validityDays
numeric,
optional
|
edit
Number of days the certificate is valid |
365 |
|
algorithm
string,
optional
|
edit
Signature algorithm (e.g., SHA256withRSA, SHA256withECDSA). Auto-detected if omitted. |
Examples
edit// Generate a self-signed certificate for development/testing
keyPair = GenerateKeyPair( "RSA-2048" );
// Pass the key pair as a struct
cert = GenerateSelfSignedCertificate(
keyPair = keyPair,
subject = "CN=localhost, O=My Company, C=AU"
);
// cert is a PEM string starting with "-----BEGIN CERTIFICATE-----"
// Or pass private and public keys individually
cert = GenerateSelfSignedCertificate(
privateKey = keyPair.private,
publicKey = keyPair.public,
subject = "CN=localhost, O=My Company, C=AU"
);
// Custom validity period (default is 365 days)
cert = GenerateSelfSignedCertificate(
keyPair = keyPair,
subject = "CN=localhost",
validityDays = 730 // 2 years
);
// Works with EC keys too
ecKeyPair = GenerateKeyPair( "P-256" );
cert = GenerateSelfSignedCertificate(
keyPair = ecKeyPair,
subject = "CN=ec-test.example.com"
);
// Each certificate gets a unique serial number, even when generated rapidly
See also
- Cryptography
- CertificateInfo()
- CertificateToPem()
- GenerateCSR()
- GenerateKeyPair()
- Search Issue Tracker open_in_new
- Search Lucee Test Cases open_in_new (good for further, detailed examples)