Create self-signed certificates using OpenSSL on Windows
Sometimes you need to create an SSL certificate when there is no CA available.
In those cases I like to use OpenSSL. OpenSSL is an open source application that is also available for the Windows platform.
Once you have installed OpenSSL, you can create a self-signed certificate by following the steps below:
- Open a CMD prompt with administrative rights
- Browse to your OpenSSL directory
- Startup OpenSSL
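- Create a certificate request and your own private key (the -nodes option writes the private key to disk unencrypted, so restrict access to the .key file)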
req -out rootsecurity.csr -new -newkey rsa:2048 -nodes -keyout rootsecurity.key
- Provide your country code
- Provide your Province or State name
- Provide your City name
- Provide your Company name
- Provide an OU name
- Provide the Common Name! This is the name you want the certificate to use!
- Optionally provide an email address
- Optionally provide a challenge password
- Optionally provide an optional company name
- Press Enter
- Check you have both a .csr and .key file within the OpenSSL\bin directory
- Sign your .csr file using your private key (in this example the certificate will expire in 365 days)
x509 -req -days 365 -in rootsecurity.csr -signkey rootsecurity.key -out rootsecurity.cer
- Check you have a .cer file within the OpenSSL\bin directory and verify that it was created with the expected common name and expiration date
- Create a PFX file by combining the .cer and .key files.
pkcs12 -export -out rootsecurity.pfx -inkey rootsecurity.key -in rootsecurity.cer
- Provide an export password
- Check you have a .pfx file within the OpenSSL\bin directory
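
The steps above as a non-interactive PowerShell script, with the "check" steps turned into explicit tests. This is an added example, not part of the original post; it assumes openssl.exe is on PATH and can find its configuration file, and the subject values and the PFX_PASS variable name are constructed placeholders.

```powershell
# Added example: run the req / x509 / pkcs12 steps without prompts, then verify the result.
# Assumes openssl.exe is on PATH; all subject values below are constructed placeholders.
$name    = 'rootsecurity'
$cn      = 'server.example.test'
$subject = "/C=NL/ST=ExampleState/L=ExampleCity/O=ExampleCompany/OU=IT/CN=$cn"

function Assert-OpenSsl([string]$step) {
    # openssl.exe reports failure through its exit code
    if ($LASTEXITCODE -ne 0) { throw "openssl step '$step' failed (exit code $LASTEXITCODE)" }
}

# Ask for the export password once and pass it to openssl through an environment
# variable, so it does not show up on the command line or in the process list.
$securePass   = Read-Host -Prompt 'PFX export password' -AsSecureString
$env:PFX_PASS = [System.Net.NetworkCredential]::new('', $securePass).Password
try {
    # Private key + certificate request (-nodes: the .key file is written unencrypted)
    openssl.exe req -out "$name.csr" -new -newkey rsa:2048 -nodes -keyout "$name.key" -subj $subject
    Assert-OpenSsl 'req'
    # Self-sign the request with the same key, valid for 365 days
    openssl.exe x509 -req -days 365 -in "$name.csr" -signkey "$name.key" -out "$name.cer"
    Assert-OpenSsl 'x509'
    # Combine certificate and key into a PFX
    openssl.exe pkcs12 -export -out "$name.pfx" -inkey "$name.key" -in "$name.cer" -passout env:PFX_PASS
    Assert-OpenSsl 'pkcs12'
}
finally {
    Remove-Item Env:\PFX_PASS -ErrorAction SilentlyContinue
}

# Check 1: certificate and key belong together (identical RSA modulus)
$certMod = openssl.exe x509 -noout -modulus -in "$name.cer"
$keyMod  = openssl.exe rsa -noout -modulus -in "$name.key"
if (-not $certMod -or $certMod -ne $keyMod) { throw 'Certificate and private key do not match' }

# Check 2: the PFX opens with the password and carries the expected name and key
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (Resolve-Path "$name.pfx").Path, $securePass
if (-not $pfx.HasPrivateKey) { throw 'PFX contains no private key' }
if ($pfx.GetNameInfo('SimpleName', $false) -ne $cn) { throw "Unexpected subject: $($pfx.Subject)" }
if ($pfx.Issuer -ne $pfx.Subject) { throw 'Certificate is not self-signed' }
'{0} expires on {1:yyyy-MM-dd}' -f $pfx.Subject, $pfx.NotAfter
```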