Prerequisites:
OpenSSL 0.9.7c for Windows: http://gnuwin32.sourceforge.net/downlinks/openssl-bin.php
Install OpenSSL, then open a cmd window and navigate to the installation path C:/Program Files/GnuWin32/bin. Create a temporary folder C:/CAtemp to store the generated files.
1. Generate a private key
Use the openssl toolkit to generate an RSA private key with the following command:
C:/Program Files/GnuWin32/bin> openssl genrsa -out C:/CAtemp/server.key 1024
genrsa --> generate an RSA key (1024 is the key length in bits)
2. Generate a CSR (Certificate Signing Request) from the private key
In this step, we use the private key generated in step 1 to create a certificate request that is waiting to be signed.
--> There are two ways to get it signed:
First, sign the certificate yourself (self-signed).
Second, have a commercial CA sign the certificate; this is not free, but it is more reliable.
Use the following command to generate a CSR:
../bin>openssl req -new -key C:/CAtemp/server.key -out C:/CAtemp/server.csr
But we got the following errors:
../bin> Unable to load config info
../bin> unable to find 'distinguished_name' in config
../bin> problems making Certificate Request
../bin> unable to find 'distinguished_name' in config
../bin> problems making Certificate Request
../bin>
...
The output indicates that a config file is missing.
The right way is as follows:
a. Create a config file named openssl.conf and place it in C:/Program Files/GnuWin32/bin (it does not actually have to be placed there).
The content of openssl.conf:
[ req ]
default_bits = 1024
default_keyfile = ca-key.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = as12345
[ req_distinguished_name ]
C = CN
ST = Guangdong   # test province
L = Shenzhen     # test location
O = Gardent      # organization name
OU = Java        # organizational unit name
CN = Aisce       # common name
emailAddress = email@gmail.com
[ req_attributes ]
challengePassword = 12345678
b. Run the following command to generate the CSR:
../bin>openssl req -new -key C:/CAtemp/server.key -out C:/CAtemp/server.csr -config openssl.conf
-config : load the config file
The server.csr file has now been generated using the imported config file.
3. Generate a self-signed certificate (CRT, CeRtificaTe)
../bin>openssl x509 -req -days 365 -in C:/CAtemp/server.csr -signkey C:/CAtemp/server.key -out C:/CAtemp/server.crt
-in : the CSR to read
-signkey : the private key that is used to sign the CSR
-out : the certificate file to write
Finally, the self-signed certificate has been generated as server.crt.
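To confirm that the three files from steps 1 to 3 really belong together, the batch script below compares the RSA modulus in the key, the CSR and the certificate, then checks the CSR signature. It is an added example, not part of the original post; it assumes it is saved as a .bat file and run from the GnuWin32 bin directory, with openssl.conf in that directory and the files in C:/CAtemp (the variable name CADIR is made up for this example).

```bat
@echo off
rem Added example, not from the original post.
rem Assumes: run from the GnuWin32 bin directory, files in C:/CAtemp,
rem and openssl.conf in the current directory, as in the steps above.
setlocal
set CADIR=C:/CAtemp
set KEYMOD=
set CSRMOD=
set CRTMOD=

rem -modulus prints one line, Modulus= followed by hex, for the RSA public modulus.
for /f "delims=" %%A in ('openssl rsa -noout -modulus -in %CADIR%/server.key') do set KEYMOD=%%A
for /f "delims=" %%A in ('openssl req -noout -modulus -in %CADIR%/server.csr -config openssl.conf') do set CSRMOD=%%A
for /f "delims=" %%A in ('openssl x509 -noout -modulus -in %CADIR%/server.crt') do set CRTMOD=%%A

if not defined KEYMOD (echo Could not read server.key & exit /b 1)
if not defined CSRMOD (echo Could not read server.csr & exit /b 1)
if not defined CRTMOD (echo Could not read server.crt & exit /b 1)

rem The same modulus in all three files means they share one key pair.
if not "%KEYMOD%"=="%CSRMOD%" (echo MISMATCH: server.csr was not made from server.key & exit /b 1)
if not "%KEYMOD%"=="%CRTMOD%" (echo MISMATCH: server.crt does not carry the public key of server.key & exit /b 1)
echo OK: key, CSR and certificate share the same RSA modulus

rem Check the signature on the CSR. Match on the output text rather than
rem rely on the exit code.
openssl req -verify -noout -in %CADIR%/server.csr -config openssl.conf 2>&1 | findstr /c:"verify OK" >nul
if errorlevel 1 (echo FAIL: CSR signature did not verify & exit /b 1)
echo OK: CSR signature verifies

rem For a self-signed certificate, subject and issuer are the same name.
openssl x509 -noout -subject -issuer -dates -in %CADIR%/server.crt
endlocal
```

The last command prints the subject, issuer and validity dates, so the 365-day period and the names from openssl.conf can be checked by eye.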