15.2 Steps
After installing OpenSSL, open a CMD prompt and navigate to the directory where OpenSSL was installed (For example: C:\OpenSSL-Win64\bin).
- Generate a key for the CA
(certification authority). To generate a 4096-bit long RSA (creates a new file
CA_KEY.key
to store the random key), using the following command (CMD):openssl genrsa -out CA_KEY.key 4096
- Create your self-signed root CA
certificate
CA_CERT.crt
; you need to provide some data for your Root certificate, using the following command (CMD):openssl req -new -x509 -days 1826 -key CA_KEY.key -out CA_CERT.crt
- Create the custom certificate, which
is signed by the CA root certificate created earlier. First, generate the
Custom.key
, using the following command (CMD):openssl genrsa -out Custom.key 4096
- To generate a certificate request
file (CSR) using this generated key, use the following command (CMD):
openssl req -new -key Custom.key -out CertReq.csr
- Process the request for the
certificate and get it signed by the root CA, using the following command (CMD):
openssl x509 -req -days 730 -in CertReq.csr -CA CA_CERT.crt -CAkey CA_KEY.key -set_serial 01 -out CustomCert.crt