Generate a Self-Signed Certificate

<< Click to Display Table of Contents >>

Navigation:  Developer's Guide > Web Deployment > SSL Configuration >

Generate a Self-Signed Certificate

This kind of certificate is good when you don't need a globally signed certificate issued by a certificate authority such as Verisign. You can use a self-signed certificate for development purposes or for private use in your intranet network or over the internet. You can use OpenSSL to generate the certificate files.

 

First, download and install OpenSSL Windows binaries from here (we recommend downloading the lite version of the binaries). After installing it, open a command prompt and follow the instructions below:7yh h

 

a) Generate a self-signed Root certificate.

 

If you already have a root certificate installed in Windows you can try exporting it instead of generating a new one. Simply go to Control Panel and click the Internet Options -> Content -> Certificates. Select the root certificate you want to export. Choose the base64 format and select folder and file name to export. This will export your root certificate in .cer format which you can safely rename to .pem.

 

You can also create a root certificate from scratch.

 

Start a command prompt with administrative privileges.

 

The first step is to create a self-signed root certificate.

 

At command prompt issue following command:

 

openssl genrsa -out root.key 1024

 

This will create a new root.key file with strength of 1024 bits.  Other options are 2048 and 4096. Normally, 1024 bits is enough.

 

If you want to create a root key with a password, use this command instead:

 

openssl genrsa -des3 -out root.key 1024

 

The next step is to self-sign the root certificate.

 

openssl req -x509 -days 365 -new -nodes -key root.key -out root.pem

 

If your root key is created with a password, use this command instead:

 

openssl req -x509 -days 365 -new -key root.key -out root.pem

 

Now you will be prompted to provide several details needed to sign your certificate. You will also be prompted for a password if your root.key file was created with a password in the first step.

 

Enter pass phrase for root.key:
 
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Ankara
Locality Name (eg, city) []:Cankaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FMSoft
Organizational Unit Name (eg, section) []:R&D
Common Name (eg, YOUR name) []:Farshad Mohajeri
Email Address []:info@fmsoft.net

 

Note: 365 is the number days the certificate will remain valid.

 

This will place a new root.pem file in the current folder. This file will be used in your uniGUI server.

 

b) Generate a self-signed key.

 

The next step is to generate a self-signed key. This step will produce the key.pem and cert.pem files.

 

At command prompt issue the following command:

 

openssl req -x509 -days 365 -nodes -newkey rsa:1024 -keyout key.pem -out cert.pem

 

Again, you'll be asked several questions.

 

Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
........++++++
.....++++++
writing new private key to 'key.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TR
State or Province Name (full name) [Some-State]:Ankara
Locality Name (eg, city) []:Cankaya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:FMSoft
Organizational Unit Name (eg, section) []:R&D
Common Name (e.g. server FQDN or YOUR name) []:Farshad Mohajeri
Email Address []:info@fmsoft.net

 

To create the same key with a password use this command:

 

openssl req -x509 -days 365 -newkey rsa:1024 -keyout key.pem -out cert.pem

 

This time you'll have to enter a password:

 

Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

 

This password should be assigned to  SSL->SSLPassword parameter of UniServerModule. (See SSL Configuration )

 
When all above procedures are completed, you will end up with three files named root.pem, key.pem and cert.pem which are required to setup and run your project in SSL mode. These files must be placed in the same folder as your server executable binary.