
Create Self-Signed SSL Certificate and Keys for Testing

For production systems you will need to get SSL certificates from a Certificate Authority. For test systems, creating a self-signed SSL certificate and keys using OpenSSL is quite easy.

You will need to have OpenSSL installed.

Create a public/private key file pair:

Windows:

  1. Create a new directory on the drive where Iguana is installed and give it an appropriate name (e.g., Test).

  2. Open a Command Prompt window and go to the new directory. For example:

cd Test

  3. Type the path of the OpenSSL install directory, followed by the command that generates an RSA private key. For example:

c:\openssl\bin\openssl genrsa -out privkey.pem 4096

You will see the key being generated:

Loading 'screen' into random state - done   
Generating RSA private key, 4096 bit long modulus
.................................+++
...........................................+++
e is 65537 (0x10001)

  4. Run the following command to extract the public key from the generated private key file into a separate public key file:

c:\openssl\bin\openssl rsa -in privkey.pem -out pubkey.pem -pubout -outform PEM

Linux or Mac OS X:

  1. Use the ssh-keygen utility, which is included as part of most POSIX systems.

  2. Create a new directory and give it an appropriate name (e.g., Test).

  3. Open a terminal window and go to the new directory. For example:

cd Test

  4. Use the rsa option to create a public/private key pair (using your email as a comment):

ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -m PEM

Create a certificate file:

Windows:

  1. Open a Command Prompt window and go to the directory you created earlier for the public/private key file. For example:

cd Test

  2. Enter the path of the OpenSSL install directory, followed by the command that creates a self-signed certificate. For example:

c:\openssl\bin\openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

  3. Follow the instructions that appear on the screen. For example:

You are about to be asked to enter information that will be incorporated   
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Ontario
Locality Name (eg, city) []:Toronto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:iNTERFACEWARE
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Linux or Mac OS X:

  1. Open a terminal window and go to the directory you created earlier for the public/private key file. For example:

cd Test

  2. Enter the path of the OpenSSL install directory, followed by the command that creates a self-signed certificate. For example:

/<path to openssl>/openssl/bin/openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

  3. Follow the instructions that appear on the screen. For example:

You are about to be asked to enter information that will be incorporated   
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Ontario
Locality Name (eg, city) []:Toronto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:iNTERFACEWARE
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
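
Once both procedures are finished, it is worth confirming that the three files actually belong together before loading them into a test system. The script below is an added example, not part of the original page: it assumes the file names used in the OpenSSL steps above (privkey.pem, pubkey.pem, cacert.pem) sit in one directory, and the function names (`check_test_cert` and the `pub_from_*` helpers) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that privkey.pem,
# pubkey.pem and cacert.pem from the steps above belong to the same key pair.

# Each helper prints the public key in normalized PEM (SubjectPublicKeyInfo) form.
pub_from_private() { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_from_public()  { openssl pkey -pubin -in "$1" 2>/dev/null; }
pub_from_cert()    { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# check_test_cert DIR -> returns 0 if every check passes, 1 otherwise.
check_test_cert() {
    dir=$1; rc=0
    key=$dir/privkey.pem; pub=$dir/pubkey.pem; crt=$dir/cacert.pem

    want=$(pub_from_private "$key")
    if [ -z "$want" ]; then echo "FAIL: cannot read $key"; return 1; fi

    [ "$(pub_from_public "$pub")" = "$want" ] ||
        { echo "FAIL: pubkey.pem does not match privkey.pem"; rc=1; }
    [ "$(pub_from_cert "$crt")" = "$want" ] ||
        { echo "FAIL: cacert.pem was not created from privkey.pem"; rc=1; }

    # Self-signed: subject and issuer names hash to the same value.
    [ "$(openssl x509 -in "$crt" -noout -subject_hash 2>/dev/null)" = \
      "$(openssl x509 -in "$crt" -noout -issuer_hash 2>/dev/null)" ] ||
        { echo "FAIL: subject and issuer differ (not self-signed)"; rc=1; }

    # Still inside the validity window set with -days?
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate has expired"; rc=1; }

    # genrsa without a cipher option writes the key unencrypted, so the file
    # should be readable by its owner only (characters 5-10 of the mode string).
    case $(ls -l "$key" | cut -c5-10) in
        ------) ;;
        *) echo "WARN: $key is accessible to group/others; consider chmod 600" ;;
    esac
    return $rc
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then check_test_cert "$1"; fi
```

Run it as `sh check.sh Test` from the parent of the directory created earlier; any FAIL line means the key and certificate should be regenerated together.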