I always find myself forgetting what the right Google terms are to get a self-signed certificate, so I’m going to post them here. I use methods from this blog and this StackOverflow post and this site.
I start out with creating a private key, something like this command:
$ openssl genrsa -des3 -out newKey.pem 1024
Generating RSA private key, 1024 bit long modulus
.......................++++++
...........................++++++
e is 65537 (0x10001)
Enter pass phrase for newKey.pem:
Verifying - Enter pass phrase for newKey.pem:
That will create a key that you can use to create a self-signed certificate with this command:
$ openssl req -new -x509 -key newKey.pem -out newCert.pem -days 365
Enter pass phrase for newKey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) :Culver City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Porkchop Express Shipping
Organizational Unit Name (eg, section) :
Common Name (e.g. server FQDN or YOUR name) :Jack Burton
Email Address :[email protected]******
Then for Windows I create PKCS#12 (.pfx) and DER-encoded X.509 (.cer) versions of the certificate:
$ openssl pkcs12 -inkey newKey.pem -in newCert.pem -export -out newCert.pfx
Enter pass phrase for newKey.pem:
Enter Export Password:
Verifying - Enter Export Password:
$ openssl x509 -outform der -in newCert.pem -out newCert.cer
At the end I’ve created 4 files:
$ ls new*
newCert.cer  newCert.pem  newCert.pfx  newKey.pem
Usually these files are all I need for testing applications using certificates. Getting this type of certificate to work with, say, a Java application requires a few more steps but that’s a story for a different day.
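The same four steps can be scripted without prompts and then checked, so you know the key, the PEM certificate, the DER copy and the PFX bundle really belong together. This is an added example, not part of the original post: the function names, the `CERT_PASS` variable and its throwaway value are made up for illustration, and it assumes a 2048-bit key encrypted with `-aes256` in place of the post's 1024-bit key with `-des3`, since 1024-bit RSA is no longer considered adequate outside of throwaway tests.

```shell
#!/bin/sh
# Added example: non-interactive version of the steps above, plus consistency checks.
# Assumptions (not from the post): 2048-bit key, -aes256, passphrase read from the
# environment via env:CERT_PASS so it does not appear in the process list.

CERT_PASS="${CERT_PASS:-test-only-passphrase}"   # constructed value, test use only
export CERT_PASS

# $1 = output directory. Runs in a subshell so umask 077 (private key files
# readable by the owner only) does not leak into the calling shell.
make_test_cert() (
    umask 077
    d="$1"
    openssl genrsa -aes256 -passout env:CERT_PASS -out "$d/newKey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$d/newKey.pem" -passin env:CERT_PASS \
        -subj "/C=US/ST=California/L=Culver City/O=Porkchop Express Shipping/CN=Jack Burton" \
        -out "$d/newCert.pem" -days 365 &&
    openssl pkcs12 -export -inkey "$d/newKey.pem" -in "$d/newCert.pem" \
        -passin env:CERT_PASS -passout env:CERT_PASS -out "$d/newCert.pfx" &&
    openssl x509 -outform der -in "$d/newCert.pem" -out "$d/newCert.cer"
)

# SHA-256 fingerprint of a certificate given as x509 options, or on stdin.
fp() { openssl x509 -noout -fingerprint -sha256 "$@" | cut -d= -f2; }

# $1 = directory. Returns 0 only if all four files describe the same key pair
# and the same certificate.
verify_outputs() {
    d="$1"
    # 1. The certificate must carry the public half of the private key.
    key_pub=$(openssl pkey -in "$d/newKey.pem" -passin env:CERT_PASS -pubout) || return 1
    crt_pub=$(openssl x509 -in "$d/newCert.pem" -noout -pubkey) || return 1
    [ "$key_pub" = "$crt_pub" ] || { echo "key/cert mismatch" >&2; return 1; }
    # 2. PEM, DER and the certificate inside the PFX must be byte-identical certs.
    pem_fp=$(fp -in "$d/newCert.pem")
    der_fp=$(fp -inform der -in "$d/newCert.cer")
    pfx_fp=$(openssl pkcs12 -in "$d/newCert.pfx" -passin env:CERT_PASS -nokeys 2>/dev/null | fp)
    [ -n "$pem_fp" ] && [ "$pem_fp" = "$der_fp" ] && [ "$pem_fp" = "$pfx_fp" ]
}

# Run as: sh script.sh <directory>
if [ -n "${1:-}" ]; then
    make_test_cert "$1" && verify_outputs "$1" && echo "all four files agree"
fi
```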