15.2 Steps

After installing OpenSSL, open a CMD prompt and navigate to the directory where OpenSSL was installed (For example: C:\OpenSSL-Win64\bin).

  1. Generate a key for the CA (certification authority). To generate a 4096-bit long RSA (creates a new file CA_KEY.key to store the random key), using the following command (CMD):
    openssl genrsa -out CA_KEY.key 4096
  2. Create your self-signed root CA certificate CA_CERT.crt; you need to provide some data for your Root certificate, using the following command (CMD):
    openssl req -new -x509 -days 1826 -key CA_KEY.key -out CA_CERT.crt
  3. Create the custom certificate, which is signed by the CA root certificate created earlier. First, generate the Custom.key, using the following command (CMD):
    openssl genrsa -out Custom.key 4096
  4. To generate a certificate request file (CSR) using this generated key, use the following command (CMD):
    openssl req -new -key Custom.key -out CertReq.csr
  5. Process the request for the certificate and get it signed by the root CA, using the following command (CMD):
    openssl x509 -req -days 730 -in CertReq.csr -CA CA_CERT.crt -CAkey CA_KEY.key -set_serial 01 -out CustomCert.crt