Friday, May 17, 2013

Creating SSL/HTTPS Certificate Request with Open SSL

Sometimes, we are required to launch a simple HTTPS website for security reason or simply for testing purposes.

Here is some simple steps to get SSL certificate for your website:

Step 1: Download and Install OpenSSL from

Step 2: Open command prompt (if you are using Windows)

Step 3: Run: openssl genrsa -des3 -out server.key 2048
Run this command if see openssl.cnf not found error:
set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

Step 4: Run: openssl req -new -key server.key -out server.csr
Now you will have server.key and server.csr in your openSSL/bin folder, server.key is your private key while server.csr is used to request the certificate from Certificate Authority

C:\OpenSSL-Win32\bin>set OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg

C:\OpenSSL-Win32\bin>openssl genrsa -des3 -out server.key 2048
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

C:\OpenSSL-Win32\bin>openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key:
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:SG
State or Province Name (full name) [Some-State]:Singapore
Locality Name (eg, city) []:Singapore
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Home Pte Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step 5: Buy the SSL certificate (e.g.

Step 6: Submit your server.csr file and your will receive server.cer which is your SSL certificate
You will need server.key, server.csr and server.cer if you are using Apache web server.