Create a OpenSSL certificate on Windows [closed]

Question

Since I'm very new to SSL certificates, and the creation and usage of them I figured maybe StackOverflow members can help me out.

I'm from Holland, the common way of online payments is by implementing iDEAL. An online payment protocol supported by the major banks. I have to implement a 'professional' version. This includes creating a RSA private key. Based on that key I have to create a certificate and upload it to the webserver.

I'm on a Windows machine and completely confused what to do. I took a look at the OpenSSL website, because the manual forwarded me to that website to get a SSL Toolkit.

The manual provides two commands which have to be executed in order to create a RSA key and a certificate.

The commands are:

openssl genrsa -des3 –out priv.pem -passout pass:myPassword 1024

and

openssl req -x509 -new -key priv.pem -passin pass:myPassword -days 3650 -out cert.cer

Is there a way I can do this by a utility on a windows machine? I've downloaded PuTTy KeyGenerator. But I'm not sure what to do, I've created a key (SSH-2 RSA, whatever that is..) but how do I create a certificate with that key?

Answer 1

If you're on windows and using apache, maybe via WAMP or the Drupal stack installer, you can additionally download the git for windows package, which includes many useful linux command line tools, one of which is openssl.

The following command creates the self signed certificate and key needed for apache and works fine in windows:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privatekey.key -out certificate.crt

Answer 2

You can download a native OpenSSL for Windows, or you can always use Cygwin.

Answer 3

To create a self signed certificate on Windows 7 with IIS 6...

1. Open IIS

2. Select your server (top level item or your computer's name)

3. Under the IIS section, open "Server Certificates"

4. Click "Create Self-Signed Certificate"

5. Name it "localhost" (or something like that that is not specific)

6. Click "OK"

You can then bind that certificate to your website...

1. Right click on your website and choose "Edit bindings..."

2. Click "Add"

   • Type: https
   • IP address: "All Unassigned"
   • Port: 443
   • SSL certificate: "localhost"

3. Click "OK"

4. Click "Close"

Answer 4

You can certainly use putty (puttygen.exe) to do that.

Or you can get Cygwin to use the utilities you just described.