Programming   Browse Topics

Create a Self-Signed SSL Certificate using OpenSSL on Windows

Posted May 12, 2017 by Nick Vogt
This is a simple method for creating a self-signed SSL certificate on Windows. This is useful for testing and development purposes; you shouldn't use a self-signed SSL certificate on a production website.

Get OpenSSL

First make sure you have OpenSSL. It comes with Apache, which you may already have. Here is an example location for the executable in my Apache 2.4 installation:

C:\Program Files\Apache24\bin\openssl.exe
Make sure you have your openssl.exe location in your Windows Path variable so that you can call openssl from anywhere.


Open a command prompt and run this command. Make sure to adjust the location of your openssl.cnf file if needed:

set OPENSSL_CONF=C:\Program Files\Apache24\conf\openssl.cnf

This temporarily sets the OpenSSL config file location.

Now run the command that creates the key and cert file. Be sure to adjust the three instances of HOSTNAME with your host name. You can also change C=US to your country code if you're not in the US.

openssl req -x509 -sha256 -newkey rsa:2048 -days 24855 -nodes -subj "/C=US/CN=HOSTNAME" -keyout HOSTNAME.key -out HOSTNAME.crt

The output of this command will be a .key and a .crt file. I always name these two files based on the name of the host, but you can name them whatever you'd like.
Share This Post
Facebook Twitter


Share This Post
Facebook Twitter
H3XED © Nick Vogt   RSS   Privacy Policy   Facebook   Twitter   Google+