![]() Make sure that the Common Name you enter here is different from the Common Name you entered previously for the root CA. Then, request a certificate for this subordinate CA: ![]() Next step: create our subordinate CA that will be used for the actual signing. ![]() 1826 days gives us a cert valid for 5 years. The -x509 option is used for a self-signed certificate. Req -new -x509 -days 1826 -key ca.key -out ca.crt Next, we create our self-signed root CA certificate ca.crt you’ll need to provide an identity for your root CA: If you want to password-protect this key, add option -des3. Now you can start OpenSSL, type: c:\OpenSSL-Win32\bin\openssl.exe:Īnd from here on, the commands are the same as for my “Howto: Make Your Own Cert With OpenSSL”.įirst we generate a 4096-bit long RSA key for our root CA and store it in file ca.key: Set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg Then start a command-line prompt (cmd.exe), and go to the demo folder (type: cd \demo).īefore you start OpenSSL, you need to set 2 environment variables: So go ahead and create this folder on your machine. I will create the certificates in folder c:\demo. ![]() The installation of the Redistributables is easy:Īfter this, you can restart the OpenSSL installation: If you install Win32 OpenSSL (32-bit), install Visual C 2008 Redistributables, and if you install Win64 OpenSSL (64-bit), install Visual C 2008 Redistributables (圆4). You can find download links on the same page. Then you need to cancel the installation and install the Visual C 2008 Redistributables first. If you start the installation and get the following message: Warning: don’t use version 1.1.0 or later, you’ll get this error: “problem creating object tsa_policy1=1.2.3.4.1” I choose the 32-bit version because this will work for every Windows machine: the 32-bit version works on 32-bit and 64-bit machines. I installed the latest version (v1.0.2a) and choose the 32-bit version (Win32). If you don’t know how to use the command-line or you don’t want to install OpenSSL to create a simple certificate, I created a tool for Windows that doesn’t require installation: CreateCertGUI.įor your info: I also have a video showing this howto.įirst of all, on Windows you will need to install OpenSLL from binaries. So this post shows the procedure on Windows. Some people following my “Howto: Make Your Own Cert With OpenSSL” do this on Windows and some of them encounter problems. The installer will download the setup application, then launch it.I have an updated version of this how-to here: “ How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded)“ (Again, the default is probably fine.)Ĭhoose your appropriate setting for connecting to the Internet, then click the Next > button.Ĭhoose a download site from the list, then click the Next > button. Select a local package directory, then click the Next > button. Leave Root Directory and Install For at their default settings (unless you know that you have some reason to change them), then click the Next > button. Make sure that Install from Internet is selected, then click the Next > button. (You may have to click through a User Account Control warning to run the installer.) exe file and click the Next > button on the window that appears. Visit and download the appropriate installer for your OS (32- or 64-bit). Cygwin offers a simple way to install a large collection of free and open-source software (including OpenSSL) on Windows. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |