windows下生成自签名SSL证书

On 2011年11月30日, in tips, by netoearth

SSL (Secure Socket Layer) is used for encryption and decryption, processing of S/MIME signed or encrypted mails, generation of certificates and more. To use it on Windows (32 and 64 bit versions), download the OpenSSL tools from code.google.com/p/openssl-for-windows/downloads/list.
Uncompress it anywhere you like and start it by double-clicking the openssl.exe executable in the \bin folder.

If you create files with OpenSSL, they will appear in the \bin directory by default.
To create a self-signed SSL certificate, you first need a key. Create it like this:

genrsa -des3 -out server.key 4096
Type in your desired key (password) and confirm it. Next, you need a certificate request. Create it as follows and give the path to the config file in the -config option (it should be in the directory where you unpacked the files to):

req -config C:\path\to\openssl.cnf -new -key server.key -out server.csr
Next, sign the certificate request:

x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The -days option specifies how long the certificate will be valid – mine will be for one year. Now you have a signed certificate.
However if you want to use it with programs as Thunderbird or similar, you will need the certificate to be in the .p12 format. To accomplish this, enter following:

pkcs12 -export -in server.crt -inkey server.key -name “Your Full Name” -out server.p12

 

Tagged with:  

Comments are closed.