SSL Certificates – How to request and create SSL Certificates with OpenSSL

Install OpenSSL (Windows)

Follow the following instructions to install and setup OpenSSL on a Windows computer.

  1. Ensure that the Microsoft Visual C++ 2008 Redistributable Package (x86) is installed on the system on which you want to generate the requests. To download the package, see the Microsoft Download Center.
  2. Download the Shining Light Productions installer for Win32 OpenSSL v1.1.0e or later at http://www.slproweb.com/products/Win32OpenSSL.html. This is a software developed from the OpenSSL Project.
  3. Launch the installer (run as administrator) and proceed through the installation
    1. Destination location: C:\OpenSSL-Win32
    2. Start Manu Folder: OpenSSL
    3. Copy OpenSSL DLLs to: The openSSL binaries (/bin) directory

Create a CSR and private key

Follow the below instructions to create a CSR which will be send to the CA Authority to request a certificate.

  1. Open a command prompt (as admin)
  2. md c:\certs\ituda
  3. C:\OpenSSL-Win32\bin\openssl req -new -newkey rsa:2048 -nodes -config c:\OpenSSL-Win32\bin\cnf\openssl.cnf -out C:\certs\ituda\CSR.csr -keyout C:\certs\ituda\privatekey.key
  4. Answer as below:
    1. Country Name: BE
    2. State or Province Name: Brussels
    3. Locality Name: Brussels
    4. Organization Name: ITuDA BV
    5. Organizational Unit Name: IT Services
    6. Common Name: *.ituda.com
    7. Email Address: lieven.dhoore@ituda.com
    8. A challenge password: ********
    9. An optional company name: ITuDA

Request the Certificate

Follow the following instructions to request a certificate from GoDaddy.

  1. Login to the GoDaddy portal http://www.godaddy.com/#
  2. Enter the credentials go to Product / SSL & Security
  3. Request a new wildcard certificate
  4. When prompted for the CSR, copy paste the contents of the “C:\certs\ituda\CSR.csr” and follow the instructions
  5. Download the certificate to “C:\certs\ituda\crtkey.crt”
  6. Download the godaddy root and intermediate certificate bundle to “C:\certs\ituda\godaddy_bundle.crt”

Convert Private Key to RSA Key

Follow the following instructions to convert the private key to an RSA private key

  1. C:\OpenSSL-Win32\bin\openssl rsa -in C:\certs\ituda\wildcard\privatekey.key -out C:\certs\ituda\rsakey.key

Create a PFX

Follow the following instructions to create a PFX certificate.

  1. C:\OpenSSL-Win32\bin\openssl pkcs12 export -out “C:\certs\ituda\pfxkey.pfx” -inkey “C:\certs\ituda\rsakey.key” -in “C:\certs\ituda\crtkey.crt” -certfile “C:\certs\ituda\godaddy_bundle.crt”

Convert PFX to PEM

Follow the following instructions to convert the PFX to a PEM certificate.

  1. C:\OpenSSL-Win32\bin\openssl pkcs12 -in  “C:\certs\ituda\pfkkey.pfx” -out  “C:\certs\ituda\pemkey.pem” –nodes

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.