How to create a self-signed certificate using openssl?

How to create a self-signed certificate using openssl?

What is a digital certificate?

Digital certificate contains keys for authenticating the holder of the certificate. It is typically issued by a trusted entity called CA (Certificate Authority). Self-signed certificate is used for testing purpose which is issued by yourself without the need for a Trusted CA.

Using OpenSSL to generate self-signed certificate

Open SSL is an open source software that can be used to support SSL in your application. You can download the OpenSSL for Windows here. The software contains set of utilities to generate SSL certificates.

Step 1: Generate the Certificate signing request

C:\>openssl req -x509 -days 1000 -newkey rsa:2048 -keyout sjkey.pem -out sjcert.pem

Enter a pass phrase that you can remember. You need this at a later point of time.

You need to enter the following details. As this is a test certificate, you can enter any random values here

  1. State or Province Name (full name) [Some-State]:
  2. Locality Name (eg, city) []:
  3. Organization Name (eg, company) [Internet Widgits Pty Ltd]:
  4. Organizational Unit Name (eg, section) []:
  5. Common Name (e.g. server FQDN or YOUR name) []:
  6. Email Address []:

This will generate two files

  1. sjkey.pem – Contains your private key
  2. sjcert.pem – Containers your public key

Step 2: Export the keys to PFX

C:\>openssl pkcs12 -export -in sjcert.pem -inkey sjkey.pem -out sj-test-cert.pfx

You will need to enter the passphrase here that was provide earlier while generating the keys files in the first step.

The PFX file needs to have password as it has confidential information. You will be asked for a password in this step

This will create a file sj-test-cert.pfx in the PFX format that contains both the private and public keys.

Step 3: Create Public key certificate from PFX

C:\>openssl pkcs12 -in sj-test-cert.pfx -clcerts -nokeys -out sj-test-cert-public.pem

This will export only the Public key to a file named sj-test-cert-public.pem


At the end of these these steps we would have two files that need to be stored. The PFX file contains the private and public key that need to be stored securely and the password used to encrypt should not be shared. This PFX file is used for signing the content. The Public key file generated at the last step contains the Public key that has to be shared with others who need to verify the content signed by you.

Hope this information was useful to you. Please let me know if you have any questions that I can answer.

Please follow and like my blog:

How to enable Windows Containers

Microsoft support for Windows containers started with Windows Server 2016 and Windows 10 Anniversary edition.

Windows supports two types of containers Native and Hyper-V. They differ in the isolation provided by the Operation System.

The native containers are treated as any other process by the operation system. Hyper-V containers are run under a light weight Virtual Machine. This enables an additional layer of isolation for the containers. The container image format is the same for both type of containers. It is only the run time isolation that is different.

Windows 10 supports only Hyper-V containers. Due to this when we want to build and run containers on Windows we need to enable the following features.

a. Containers

b. Hyper-V

The following images depicts how these features can be enabled from the Windows feature installation UI.

After enabling these features you need to restart the machine.

Please follow and like my blog:

Setting up secure web site communication in Apache web server

Securing your website is a common requirement these days. You need to get SSL certificate for your domain to secure the communication between the browser and the Web Server. There are many sources like Let’s Encrypt who provide these SSL certificates for free.

If you are setting up SSL certificate using a control panel like VestaCP. The SSL certificate is automatically issued for your domain. But, the users are not automatically redirected from the HTTP to HTTPS URL.

This rule needs to be configured in Apache web server using the .htaccess file. This file is used to enable or disable any additional functionality/features in the Apache Web server.

Adding the following few lines to .htaccess and placing it at the root directory of your domain does this trick. Users will now be automatically redirected to the secure HTTPS URL even when they type unsecure HTTP URL.


Please let me know your views on this.

Please follow and like my blog: