DEV Community


Posted on

How to create Self-signed SSL certificate on Windows.

Create Self-signed SSL certificate on Windows

Now as web application manager we need the SSL certificate in a daily basis to do some testing. Some times you want run Intranet application you need SSL certification as well. So buying a new certificate is costly when you have low IT budget. So you do the same thing to generating self-signed SSL certificate on windows system.There are several way to do that but the easiest way to create the SSL certificate is using OpenSSL. OpenSSL is opensource software so you don't have any additional cost for that as well. Just you need to do the below steps.
First create a root ca certificate. Then create your individual server certificate. At last you have signed the the in individual server certificate with your root ca certificate. Now you have your own self-signed SSL Certificate ready.

What Is Open SSL?

OpenSSL is an open source implementation of the SSL and TLS protocols. It provides an encryption transport layer on top of the normal communications layer. Allowing it to be intertwined with many network applications and services. The default SSL Profile in the Cloud Management Console has a generic Common Name. When associating an SSL profile to a Gateway Cluster? If using the default SSL Profile, your application making API calls may fail to verify the host name. It is connecting to against the certificate presented. In this case, you can generate a new self-signed certificate that represents a common name your application can validate. This topic tells you how to generate self-signed SSL certificate requests using the OpenSSL toolkit to enable HTTPS connections.

OpenSSL is often used to encrypt authentication of mail clients and to secure web based transactions such as credit card payments. Some ports, such as www/apache24 and databases/postgresql91-server. Include a compile option for building with OpenSSL.

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) & Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library.

OpenSSL is licensed under an Apache-style license. Which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
o Create self-signed SSL certificate on Windows system using OpenSSL follow below Steps.
First install the OpenSSL

  1. To create the self-signed SSL certificate first you have to install the OpenSSL application in your windows system. You can download the application from here.OpenSSL-installtion

Install the software in “C:\Program Files\OpenSSL-Win64” location. Then Click Next and finish the installation.

  1. After completing the installation open the command prompt

Create a temporary directory “demo”

md demo

cd demo

set RANDFILE=c:\demo.rnd

set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
  1. Now lunch the openssl.exe by running the below command

“C:\Program Files\OpenSSL-Win64\bin\openssl.exe”

Use the “” to run the command

  1. Now you have to create key file for your CA certificate

genrsa -out can.key 2048

  1. Now create the root CA certificate using the key file

req -new -x509 -days 1826 -key can.key -out canew.crt

It will ask for some details like Country Name, Sate, City, Organization Name FQDN name. FQDN name should be your domain name who have the certificate authority of your domain.

  1. Now generate public key for your application SSL certificate.

genrsa -out ianew.key 2048

  1. Now create a CSR with the newly created public key “ianew.key”

req -new -key ianew.key -out ianew.csr

It will ask for some details like Country Name, Sate, City, Organization Name and FQDN name. FQDN name should be your host/computer FQDN name of you web server or application server.

  1. Now singed the csr certificate with you root CA certificate which you created in step no 2.

x509 -req -days 1826 -in ianew.csr -CA canew.crt -CAkey can.key -set_serial 01 -out ianew.crt

Now your self sign-certificate is ready You have to install the root ca certificate on your client system to avoid the certificate error.


Now you can deploy the self-signed SSL certificate to your web server hosted in Windows or Linux. This easy way you can create self-signed SSL certificate on Windows by using OpenSSL.

Top comments (2)

Some comments may only be visible to logged-in visitors. Sign in to view all comments.