Return to Answer

The openssl req command from the answer by @Tom H is correct to create a self-signed certificate in server.cert incl. a password-less RSA private key in server.key:

openssl req -nodes -new -x509 -keyout server.key -out server.cert 

Here is how it works. Omitting -des3 as in the answer by @MadHatter is not enough in this case to create a private key without passphrase. It is enough for this purpose in the openssl rsa ("convert a private key") command referred to by @MadHatter and the openssl genrsa ("create a private key") command. Just not for for the openssl req command here. We additionally need -nodes ("No DES encryption of server.key please!").

The openssl req command from the answer by @Tom is correct to create a self-signed certificate in server.cert incl. a password-less RSA private key in server.key:

openssl req -nodes -new -x509 -keyout server.key -out server.cert 

Here is how it works. Omitting -des3 as in the answer by @MadHatter is not enough in this case to create a private key without passphrase. It is enough for this purpose in the openssl rsa ("convert a private key") command referred to by @MadHatter and the openssl genrsa ("create a private key") command. Just not for for the openssl req command here. We additionally need -nodes ("No DES encryption of server.key please!").

The openssl req command from the answer by @Tom H is correct to create a self-signed certificate in server.cert incl. a password-less RSA private key in server.key:

openssl req -nodes -new -x509 -keyout server.key -out server.cert 

Here is how it works. Omitting -des3 as in the answer by @MadHatter is not enough in this case to create a private key without passphrase. It is enough for this purpose in the openssl rsa ("convert a private key") command referred to by @MadHatter and the openssl genrsa ("create a private key") command. Just not for for the openssl req command here. We additionally need -nodes ("No DES encryption of server.key please!").

The openssl req command from the answer by @Tom H is correct to create a self-signed certificate in server.cert incl. a password-less RSA private key in server.key:

openssl req -nodes -new -x509 -keyout server.key -out server.cert 

Here is how it works. Omitting -des3 as in the answer by @MadHatter is not enough in this case to create a private key without passphrase. It is enough for this purpose in the openssl rsa ("convert a private key") command referred to by @MadHatter and the openssl genrsa ("create a private key") command. Just not for for the openssl req command here. We additionally need -nodes ("No DES encryption of server.key please!").

The openssl req command proposed by @Tom H is correct to create a self-signed certificate incl. password-less private key:

openssl req -nodes -new -x509 -keyout server.key -out server.cert 

But: the trick to create a private key without passphrase is -nodes in the command ("No DES encryption please!"). Omitting -des3 as proposed by @MadHatter is not enough!

(Details: Omitting -des3 is enough for the openssl genrsa ("create a private key") and openssl rsa ("convert a private key") commands. Just not for for openssl req.)

The openssl req command from the answer by @Tom H is correct to create a self-signed certificate in server.cert incl. a password-less RSA private key in server.key:

openssl req -nodes -new -x509 -keyout server.key -out server.cert 

Here is how it works. Omitting -des3 as in the answer by @MadHatter is not enough in this case to create a private key without passphrase. It is enough for this purpose in the openssl rsa ("convert a private key") command referred to by @MadHatter and the openssl genrsa ("create a private key") command. Just not for for the openssl req command here. We additionally need -nodes ("No DES encryption of server.key please!").