Creating the self-signed SSL Certificate in Windows (Browser Trusted)

by Posted on

How we can generate the self-signed SSL and browsers trust certificates in Windows? As a prerequisite, you need to download and install the OpenSSL to your machine first. 

After installing the OpenSSL, go to the following directory and execute the openssl.exe with Administrator mode.
Installed directory: C:/Program Files/OpenSSL/bin/

Then, generate the key and pem files by executing the below commands in OpenSSL command prompt.

genrsa -des3 -out rootCA.key 2048
req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

After that, generate the csr and crt files using down commands again.

req -new -nodes -out server.csr -newkey rsa:2048 -keyout server.key
x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 1024 -sha256

Eventually, prepare the certificate file for IIS.

pkcs12 -inkey server.key -in server.crt -export -out server.pfx

The last step is to import the certificates to the Windows certificate store in order to trust by browsers.

1. Open the Manage Computer Certificates feature under Control Panel or type certlm command from Run box to open the store.

2. Under the left panel find the below sub-menus.
– Certificates – Local Computer
– Personal
– Certificates
– Right-click to that and Import the rootCA.pem and server.pfx files

3. Under the left panel find the below sub-menus.
– Certificates – Local Computer
– Trusted Root Certification Authorities
– Certificates
– Right-click to that and Import the rootCA.pem file

That’s it. I hope this will help. ๐Ÿ™‚
Photo: http://www.pngall.com

Published by Nay Zaw Lin

I am a seeker of knowledge and also coincidentally a Software Engineer.

Leave a Reply

Your email address will not be published. Required fields are marked *