In cryptography, X.509 is an important standard for a public key infrastructure (PKI) to manage digital certificates and public-key encryption and a key part of the TLS protocol used to secure web and email communication.

• -x509 : This option generates a self-signed certificate in x509 format.
• -newkey arg: This option creates a new certificate request and a new private key. The argument takes one of several forms. rsa:nbits, where nbits is the number of bits, generates an RSA key which is nbits in size.
• -keyout filename: The newly created private key is written to to the filename indicated in this option.
• -out filename: This specifies the output filename to write to or standard output by default.
• -days n: When the -x509 option is being used this specifies the number of days to certify the certificate for. The default is 30 days.