How to generate self-signed certificates in Windows?

This article will explain self-signed certificates and how to create one.

Introduction

Before looking at self-signed certificates, it helps to understand in simple terms what a certificate is: an SSL certificate is a digitally signed document whose main purpose is to prove the authenticity of a website, code, or file and to enable an encrypted connection.

This way, no one should be able to alter your original traffic, code, or file unnoticed. You can read more about certificates on the wiki page: https://en.wikipedia.org/wiki/Certificate_authority

Certificates are normally digitally signed by a publicly trusted certificate authority (CA); those that are not signed by a CA are called self-signed certificates.

https://en.wikipedia.org/wiki/Self-signed_certificate

We can create self-signed certificates with several methods (explained in this article), and they are best suited to testing and development environments.

Ways to create self-signed certificates

  • Online tool
  • IIS (Best way for Windows)
  • PowerShell (Best way for Windows)
  • OpenSSL

Let’s explore them.

1. Online Tools

Some websites let you generate self-signed certificates online. For example,

https://getacert.com/getacert.html

You can find many other such websites with a web search, but make sure you request only a test certificate and do not provide any confidential details. Any private key generated by such a site is known to that site, so use these certificates for testing only.

2. IIS

Another of the best and easiest ways to generate a self-signed certificate is to use IIS. The IIS certificate generation process is GUI-based and easy to follow.

For that, you need IIS on one system, which may be a server or your own laptop. Once you have IIS installed, follow the steps below.

a. Open IIS manager -> Click on Machine Name -> Server Certificates.

b. Create a Self-Signed Certificate from the right side Actions Pane.

c. Provide a friendly name for the certificate, select the Personal store (the store option might not be available in older versions), and click OK.

Once that is done, you can see the certificate in the IIS Server Certificates list.

You can download this certificate from the personal store as well.

3. PowerShell

If you love PowerShell, it can generate the self-signed SSL certificate for you. PowerShell uses the New-SelfSignedCertificate cmdlet to generate it. This cmdlet is available in the PKI module. If you don’t find it on the system, you can download the module from the PowerShell Gallery.

https://www.powershellgallery.com/packages/PSPKI

To generate the self-signed SSL certificate using the cmdlet, use the command below.

New-SelfSignedCertificate -DnsName "theAutomationCode.com" -CertStoreLocation "cert:\LocalMachine\My"

The above command generates the self-signed certificate with the DNS name (Subject Name) “theAutomationCode.com” in the LocalMachine’s personal store. Let’s open the personal store (Certificate Manager -> Local Machine -> Personal -> Certificates).

This certificate is valid for 1 year (by default). You can use multiple DNS names. For more information about this cmdlet, refer to MS documentation.

https://learn.microsoft.com/en-us/powershell/module/pki/new-selfsignedcertificate?view=windowsserver2019-ps
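
The options mentioned above (multiple DNS names and a validity other than the 1-year default), shown as an added example that is not part of the original article. It assumes an elevated PowerShell session on Windows 10 / Server 2016 or later; the extra DNS names, the friendly name and the output folder are hypothetical.

```powershell
# Added example (not from the original article). Assumes an elevated PowerShell
# session on Windows 10 / Server 2016 or later, where these parameters exist.
$dnsNames = "theAutomationCode.com", "www.theAutomationCode.com", "localhost"  # extra names are hypothetical

$params = @{
    DnsName           = $dnsNames                 # all names go into the SAN extension
    CertStoreLocation = "cert:\LocalMachine\My"
    FriendlyName      = "Dev test certificate"    # hypothetical label
    KeyAlgorithm      = "RSA"
    KeyLength         = 2048
    HashAlgorithm     = "SHA256"
    KeyExportPolicy   = "Exportable"              # needed for the PFX export below
    NotAfter          = (Get-Date).AddMonths(3)   # shorter than the 1-year default
}
$cert = New-SelfSignedCertificate @params

# Inspect the result: subject, validity window and the DNS names that were set.
$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter, HasPrivateKey
$cert.DnsNameList.Unicode

# A self-signed certificate names itself as issuer.
if ($cert.Subject -ne $cert.Issuer) { throw "Certificate is not self-signed" }

# Validate the chain as an SSL client would. The certificate is not in a trusted
# root store, so validation is only expected to pass with -AllowUntrustedRoot.
$quiet = @{ WarningAction = "SilentlyContinue"; ErrorAction = "SilentlyContinue" }
$trustedByDefault = Test-Certificate -Cert $cert -Policy SSL -DNSName $dnsNames[0] @quiet
$validIgnoringRoot = Test-Certificate -Cert $cert -Policy SSL -DNSName $dnsNames[0] -AllowUntrustedRoot @quiet
"Trusted by default: $trustedByDefault; valid when the root is ignored: $validIgnoringRoot"

# Export the public certificate only; this file can be handed to test clients.
$outDir = Join-Path $env:TEMP "selfsigned-demo"   # hypothetical output folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
Export-Certificate -Cert $cert -FilePath (Join-Path $outDir "dev-cert.cer") | Out-Null

# Export certificate plus private key as a PFX, protected by a prompted password
# so that no secret is stored in the script.
$pfxPassword = Read-Host -Prompt "PFX password" -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath (Join-Path $outDir "dev-cert.pfx") -Password $pfxPassword | Out-Null

# Remove the test certificate from the store when it is no longer needed.
Remove-Item -Path "cert:\LocalMachine\My\$($cert.Thumbprint)"
```

The .pfx file contains the private key, so keep it off shared locations; the .cer file holds only the public certificate.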

4. OpenSSL

Folks working on non-Windows operating systems generally prefer OpenSSL because it is readily available in a few Linux flavours, or you can download it from the official OpenSSL page.

On Windows, using OpenSSL is a little tricky, so we won’t explore the OpenSSL method here, but you can experiment with it on Windows.

First, clone its git repository.

https://github.com/openssl/openssl#download

Second, follow the steps provided for the Windows platform.

https://github.com/openssl/openssl/blob/master/NOTES-WINDOWS.md

Conclusion

Since setting up OpenSSL on Windows seems a little challenging, use IIS or PowerShell on Windows, as they are the simplest and quickest ways to generate a certificate.