I'm a bit confused by this command for generating a self-signed certificate from an otherwise clear tutorial on OpenSSL:
openssl req \
-x509 -nodes -days 365 -sha256 \
-newkey rsa:2048 -keyout mycert.pem -out mycert.pem
I understand this generates a request for a self-signed x509 certificate, and not a certificate request to be signed by a CA, but the private key is in the generated certificate file and sounds dodgy to me since the private key shouldn't be sent with the certificate.
Is this an error or how this is supposed to work?
-keyout mycert.pem -out mycert.pem
)? Next, I will go deeper.