@Version : 2.0.0
@Build : 4f023e2b0
By using this site, you acknowledge that you have read and understand the Cookie Policy, Privacy Policy, and the Terms. Close


Create an Self-Signed SSL Certificate on Windows

Posted Saturday, September 11th, 2021

Create an Self-Signed SSL Certificate on Windows

There are times as a developer when developing or testing out deployments, you need an SSL certificates to test integrations or identification with other services. A good example is when identfying your application with Azure Active Directory which allows you to authenticate with a certificate.

In this guide you will learn how to create a Self-Signed Certificate that you can use for such kind of authentication or connection.

Install Cygwin.

Cygwin is a linux/unix sub system that will give you Unix/Linux utilities on the Windows environment it is installed in.

We will use OpenSSL which is a full toolkit for SSL and TLS secure connections. This toolkit comes bundled up with Cygwin. Download setup-x86_64.exe and install it. Follow the default steps and finish the install.

You do not need to select any more packages unless you need them. Also don't install cygwin in your root directory i.e. C:\.

Generate the certificate.

First create a private key for the certificate

openssl genpkey -out my-private-key-name.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048

Create a certificate signing request (also CSR or certification request).

openssl req -new -key my-private-key-name.key -out my-private-key-csr-name.csr

Country Name (2 letter code) [XX]:.
State or Province Name (full name) []:.
Locality Name (eg, city) [Default City]:.
Organization Name (eg, company) [Default Company Ltd]:.
Organizational Unit Name (eg, section) []:.
Common Name (eg, your name or your server hostname) []:{your-device-id}
Email Address []:

Check the the CSR that was generated in the above command.

openssl req -text -in my-private-key-csr-name.csr -noout

Sign the certificate and generate the public key to be given to remote peers that will connect with your host.

openssl x509 -req -days 365 -in my-private-key-csr-name.csr -signkey my-private-key-name.key -out my-public-key-name.crt

See key thumb print which you need when telling your system or apps to use the key.

openssl x509 -in my-public-key-name.crt -noout -fingerprint

Export your x509 certificate and private key to a pfx file which you can use to import the key set into a your windows or other environments.

openssl pkcs12 -export -out my-public-private-key.pfx -inkey  my-private-key-name.key -in my-public-key-name.crt

Import the Certificate into Windows

On Windows, Click start menu then Type run and press Enter

Type mmc and press Enter or Click Ok

On the Console Root, Click File > Add / Remove Snap-in..

On the Add / Remove Snap-in Window, Find and Double click on Certificates. Choose My Current Account and Click Finish.

Click okay to go back to Console

Navigate to Certificate Current User > Personal > Certificates. Go to More Actions > Alls Tasks > Import.

On the import window, click next and browse files then select my-public-private-key.pfx . Click Open and follow the wizard to finish.

You have now imported your certificate and it is ready for use on your windows machine.



Thank you for finding time to read my post. I hope you found this helpful and it was insightful to you. I enjoy creating content like this for knowledge sharing, my own mastery and reference.

If you want to contribute, you can do any or all of the following 😉. It will go along way! Thanks again and Cheers!