SSL (Secure Socket Layer) is used for encryption and decryption, processing of S/MIME signed or encrypted mails, generation of certificates and more. To use it on Windows (32 and 64 bit versions), download the OpenSSL tools from code.google.com/p/openssl-for-windows/downloads/list.
Uncompress it anywhere you like and start it by double-clicking the openssl.exe executable in the \bin folder.

If you create files with OpenSSL, they will appear in the \bin directory by default.
To create a self-signed SSL certificate, you first need a key. Create it like this:

genrsa -des3 -out server.key 4096

Type in your desired key (password) and confirm it. Next, you need a certificate request. Create it as follows and give the path to the config file in the -config option (it should be in the directory where you unpacked the files to):

req -config C:\path\to\openssl.cnf -new -key server.key -out server.csr

Next, sign the certificate request:

x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The -days option specifies how long the certificate will be valid - mine will be for one year. Now you have a signed certificate.
However if you want to use it with programs as Thunderbird or similar, you will need the certificate to be in the .p12 format. To accomplish this, enter following:

pkcs12 -export -in server.crt -inkey server.key -name "Your Full Name" -out server.p12

Facebooktwittergoogle_plusredditlinkedinmail
Tagged on:                                     

4 thoughts on “Create a Self-signed SSL Certificate on Windows

  • April 26, 2014 at 7:10 pm
    Permalink

    Thanks for the correct info.. It worked and one thing I found wrong was, on OpenSSL version 1.0.1g extension of openssl configuration file is .cfg not .cnf but I am not sure about earlier Versions.

    Reply
  • May 5, 2014 at 10:23 am
    Permalink

    nb You must start openssl.exe using “Run as Administrator”.

    Reply
  • September 7, 2015 at 5:17 am
    Permalink

    It helped me so much. Thank you. You saved my life lol

    Reply
  • July 22, 2016 at 11:20 am
    Permalink

    If you need to you can set the location of the openssl file like this (adjust as needed)
    set OPENSSL_CONF=C:/openssl/bin/openssl.cnf

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *