Sometimes you find yourself in the need to create a SSL certificate when there is no CA available.
In those cases I like to use OpenSSL. OpenSSL is an open source application and is also available for Windows Platform.
To get your own copy browse to the following link and download the Win32 OpenSSL v0.9.8y Light or Win64 OpenSSL v1.0.0k Light depending on your Windows version.
Once you have installed OpenSSL creating a selfsigned certificate can be achieved following the below steps:
- Open a CMD prompt with administrative rights
- Browse to your OpenSSL directory
- Startup OpenSSL
- Create a certificate request and your own private key
req -out rootsecurity.csr -new -newkey rsa:2048 -nodes -keyout rootsecurity.key
- Provide your country code
- Provide your Province or State name
- Provide your City name
- Provide your Company name
- Provide a OU name
- Provide the Common Name! This is the name you like the certificate to use!
- Optional provide Email address
- Optional provide a challenge password
- Optional provide an optional company name
- Click enter
- Check you have both a .csr and .key file within the OpenSSL\bin directory
- Sign your .csr file using your privatekey (In this example the certificate will expire in 365 days)
x509 -req -days 365 -in rootsecurity.csr -signkey RootSecurity.key -out rootsecurity.cer
- Check you have a .cer file within the OpenSSL\bin directory and see it created with the expected common name en expiration date
- Create a PFX file by combining the .cer and .key files.
pkcs12 -export -out rootsecurity.pfx -inkey RootSecurity.key -in rootsecurity.cer
- Provide an export password
- Check you have a .pfx file within the OpenSSL\bin directory
RootSecurity 