Which command generates a self-signed test certificate?

• A. openssl req -x509 -key privkey.pem -out cacert.pem -days 365
• B. openssl create -key privkey.pem -out cacert.pem -days 365
• C. openssl sign -key privkey.pem -out cacert.pem -days 365
• D. openssl req -new -x509 -key privkey.pem -out cacert.pem

Answer: (A)

The command that generates a self-signed test certificate is correctly identified as the one that combines the necessary options to create and sign a certificate request in a single step. By using the openssl req -x509 command, you indicate that you want to create a self-signed certificate. The -key privkey.pem specifies the private key that will be used to sign the certificate. Once this command is executed, it produces an output file named cacert.pem, which is the self-signed certificate.

The -days 365 argument specifies the validity period of the certificate, which in this case is set to one year. This is a common practice for test or development certificates, allowing them to be valid for a reasonable duration without frequent renewal.

The other options, while similar in structure, do not use the correct syntax or the necessary flags for creating a self-signed certificate.