A Step-by-Step Guide to Creating a Self-Signed Certificate in Windows 10 using OpenSSL & PowerShell

Security is of utmost importance for any website, given the alarming rise in hacking incidents. As a result, turning on security measures is an absolute necessity. Even for development environments, CMS vendors are increasingly demanding secure connections. Luckily, in Windows 10, deploying a self-signed Certificate is quite simple. A self-signed certificate is a great way to secure a website without the cost of purchasing a cryptographic certificate. This is possible because self-signed certificates provide the same level of encryption as purchased certificates.

Through the Certificate Manager, the user can access the certificate store and create and manage certificates. To create a self-signed certificate, you need to understand its meaning and then follow the tutorial guide below.

What is a Self-Signed Certificate?

Self-signed certificates are digital documents that contain a public key and other important information, such as the owner’s identity and/or domain. Unlike certificates issued by a Certificate Authority (CA), self-signed certificates are not backed by any third-party source and are thus considered less secure. 

Self-signed certificates are cheap and easy to create, making them ideal for applications that require low levels of trust. However, since a trusted source does not verify them, they offer little value in assurance. They can’t be used to verify the authenticity of the information included in the certificate. Due to their lack of trustworthiness, using self-signed certificates for sites handling sensitive data, such as financial or medical information, is not recommended. Self-signed certificates can, however, be used to maintain the integrity of data and can be used to encrypt data transmissions. 

Steps for Generating Self-Signed Certificates on Windows 10 using OpenSSL

• First, you need to get the most recent OpenSSL Windows installation from a third-party website.
• Then start the installation process and ensure that for functioning OpenSSL, you must run the Microsoft Visual C++. 

Important note: If Visual C++ is not already installed, the installer will prompt you to install it.

• To install, simply select “Yes” and then run the OpenSSL installer once more, this time selecting the installation path.
• Choose “Next” to get the OpenSSL prompt and create a command option.
• Type OpenSSL, and once you’ve installed OpenSSL, launch Command Prompt.
• Create a new directory on your C drive with C: >cd Test
• Next, navigate to the new directory using: C: Test>
• Now enter the location to the OpenSSL installation directory after the RSA key algorithm given below:

C: Test>c:opensslbinopenssl genrsa -out privkey.pem 4096

• To separate the created file into private and public key files, use the following command:

C: Test>c:opensslbinopenssl ssh-keygen -t rsa -b 4096 -f privkey.pem

Following the generation of the public/private key, follow the further instructions for building a self-signed certificate file on a Windows machine.

• Launch the Command Prompt window.
• Navigate to the place where you saved the public/private key file: C: Test>
• Enter the OpenSSL installation directory path just after the self-signed certificate algorithm:

C: Test>c:opensslbinopenssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

• Follow the instructions on the screen.
• For the creation of a self-signed certificate, input details about your organization, area, and contact information.

If you’d prefer to utilize PowerShell to generate a self-signed certificate, proceed to the following instructions.

How to Create Self-Signed Certificates on Windows 10 with PowerShell?

The step to generate a self-signed certificate in Windows 10 can also be done using PowerShell, as shown in the process below:

• Enter PowerShell in the search box after pressing the “Windows” key. Select “Run as Administrator” from the PowerShell app’s context menu.
• As indicated below, execute the New-SelfsignedCertificate command:

$cert = New-SelfSignedCertificate -certstorelocation cert:localmachinemy -dnsname testcert.sslwiki.org

• After using the above command, you will be able to save the certificate to your PC’s locater storage. 
• In the given script, replace testcert.sslwiki.org with your domain name.
• Continue by creating a unique password for your export file in this step: 

$pwd = ConvertTo-SecureString -String ‘password!’ -Force -AsPlainText

Important note: The password here should be replaced with your personal password.

• To export your self-signed certificate, use the command provided below:

$path = 'cert:localMachinemy' + $cert.thumbprint Export-PfxCertificate -cert $path -FilePath c:tempcert.pfx -Password $pwd

• Replace c:temp with the location where you wish to export the file in the preceding prompt entered.
• You may then import the exported file and use it in your project.

A command-line program like PowerShell is another excellent way to produce a self-signed certificate on Windows 10. It does not need the installation of any third-party software. Simply enter the relevant command line in PowerShell, and the utility will handle the rest.

Steps for Adding s self-signed certificate to the Windows 10 curls ca file

• You might wish cURL to have faith on the certificate after developing and installing a self-signed certificate.
• A trustworthy listed .pem file is not included in subsequent versions of cURL. The following command should be used in the php.ini file after downloading the .pem file:

curl.cainfo = "C:xamppphpcacert.pem"

• You then need to convince cURL to accept your self-signed certificate. Open your server.crt file to perform this. When you produced your self-signed certificate, the file was generated.
• Add the whole server.crt file’s contents to the cacert.pem file by copying them all.
• Any user can generate a self-signed certificate for OpenSSL with the help of a “PowerShell” or the “Command Prompt.” 

You can establish a temporary certificate for in-progress projects that need an SSL certificate by creating your self-signed certificate.

Wrapping up on Create a Self-Signed Certificate in Windows 10

In summary, self-signed certificates are public key certificates not issued by a certificate authority and are inexpensive and simple to create. They are not considered as secure as certificates issued by a trusted CA. They should not be used for sites handling sensitive data but can be used to maintain data’s authenticity and encrypt data transmissions. We hope you can now create a Self-Signed certificate in Windows 10 without hassle.

Frequently Asked Questions (FAQs):

How can I use CMD to produce a self-signed certificate?

Open the openssl.exe file by right-clicking it and choosing Run as administrator. To start producing a certificate and private key, use the command below:

key -out privateKey. req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout certificate.

How are self-signed certificates created?

Use the Powershell Cmdlet New-SelfSignedCertificate to produce self-signed certificates. The MakeCert utility generates an X. 509 certificate that links your name to the public portion of the key pair and is signed by the test root key or another key you choose. A file, a system certificate store, or both may be used to store the certificate.

The post How to Create a Self-Signed Certificate in Windows 10 appeared first on SSLWiki.