Create a Self-Signed SSL Certificate using OpenSSL on Windows
May 12, 2017ProgrammingComments (0)
This is a simple method for creating a self-signed SSL certificate on Windows. This is useful for testing and development purposes; you shouldn't use a self-signed SSL certificate on a production website.
First make sure you have OpenSSL. It comes with Apache, which you may already have. Here is an example location for the executable in my Apache 2.4 installation:
Make sure you have your openssl.exe location in your Windows Path variable so that you can call openssl from anywhere.
Open a command prompt and run this command. Make sure to adjust the location of your openssl.cnf file if needed:
This temporarily sets the OpenSSL config file location.
Now run the command that creates the key and certificate file. Be sure to change FILENAME to something you'd like (I usually name these based on the name of the host).
You will be given several prompts to enter information in. You can leave most blank, but must be sure to enter your host name (usually your domain or subdomain) in the "Common Name" field.
Once done, the key and certificate files will be created in the directory where you opened the command prompt.
Get OpenSSL
First make sure you have OpenSSL. It comes with Apache, which you may already have. Here is an example location for the executable in my Apache 2.4 installation:
C:\Program Files\Apache24\bin\openssl.exe
Make sure you have your openssl.exe location in your Windows Path variable so that you can call openssl from anywhere.
Command
Open a command prompt and run this command. Make sure to adjust the location of your openssl.cnf file if needed:
set OPENSSL_CONF=C:\Program Files\Apache24\conf\openssl.cnf
This temporarily sets the OpenSSL config file location.
Now run the command that creates the key and certificate file. Be sure to change FILENAME to something you'd like (I usually name these based on the name of the host).
openssl req -x509 -newkey rsa:2048 -days 365 -nodes -keyout FILENAME.key -out FILENAME.crt
You will be given several prompts to enter information in. You can leave most blank, but must be sure to enter your host name (usually your domain or subdomain) in the "Common Name" field.
Once done, the key and certificate files will be created in the directory where you opened the command prompt.