Generating a New Self-Signed SSL Certificate

You may need to generate a self-signed certificate because:

  • You don't plan on having your certificate signed by a CA.
  • You wish to test your new SSL implementation while the CA is signing your certificate.
  1. Create a working directory

    Go to Start menu > All Programs > Accessories > Command Prompt and create a new working directory:

    > mkdir c:\ssl
    > cd c:\ssl
  2. Generate a self-signed certificate using OpenSSL.
    This temporary certificate will generate an error in the client's browser that warns the client that the signing certificate authority is unknown and not trusted. To generate a temporary certificate (which is good for 365 days), run the following command:
    > openssl x509 req -days 365 -in csr_name.csr -signkey key_name.key -out cert_name.crt