Self Signed Certificate creation
1. Open a command prompt and go to ROOT\openssl\bin
2. Use The following commands to generate keys
openssl req -new -nodes -out server.csr -keyout server.key -config openssl.cnf
The output of this command will look likeUsing configuration from openssl.cnf
Loading 'screen' into random state - done Generating a 1024 bit RSA private key ............++++++ .........++++++ writing new private key to 't1key.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) :US State or Province Name (full name) :CA Locality Name (eg, city) :RD Organization Name (eg, company) :TP Organizational Unit Name (eg, section) :OU Common Name (eg, your websites domain name) .*.techpaste.com Email Address :test@ example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password :
This will generate server.key and server.csr under ROOT\openssl\bin
3. Next generate certificates from this keys
openssl req -x509 -days 900 -in server.csr -key server.key -out server.crt -config openssl.cnf
4 This will create the certificate file
5. Once the certificates are created we have to copy these certificates to appropriate locations so that application can access it.
Example for Apache after providing the ssl certificate locations we have to copy the crt and keys to the conf directory like below example.
ROOT\openssl\bin>copy /y server.key ROOT\Apache\conf\ssl.key\server.key ROOT\openssl\bin>copy /y server.crt ROOT\Apache\conf\ssl.crt\server.crt ROOT\openssl\bin>copy /y server.csr ROOT\Apache\conf\ssl.csr\server.csr
— Restart the apache services