Here’s a step-by-step guide to generate a self-signed SSL certificate using OpenSSL:

Install OpenSSL on your system if it’s not already installed. You can download OpenSSL from their official website.

Open a terminal or command prompt and navigate to the directory where you want to generate the SSL certificate.

Run the following command to generate a private key:


openssl genrsa -out key.pem 2048

This will generate a private key with a 2048-bit key length and save it to a file named “key.pem”.

Run the following command to generate a certificate signing request (CSR):


openssl req -new -key key.pem -out cert.csr

This will generate a CSR using the private key you just created and save it to a file named “cert.csr”. You will be prompted to provide some information about your organization and the domain name you want to secure.

Now run the following command to generate a self-signed SSL certificate:


openssl x509 -req -days 365 -in cert.csr -signkey key.pem -out cert.pem

This will generate a self-signed SSL certificate with a validity of 365 days and save it to a file named “cert.pem”.

That’s it! You have now generated a self-signed SSL certificate using OpenSSL. Note that this certificate is not trusted by any browser or operating system, so it should only be used for testing purposes or on a private network. If you need a trusted SSL certificate for a production website, you should purchase one from a reputable certificate authority.
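The three commands above, run without prompts and followed by the checks worth making on the result, as an added example that is not part of the original guide. The hostname dev.example.test, the san.ext file and the function names are assumptions. It goes one step beyond the guide by adding a subjectAltName, which current clients use for hostname matching.

```shell
#!/bin/sh
# Added example, not from the original guide. Hostname, san.ext and the
# function names are assumptions made for this demo.

# make_self_signed DIR HOST: the guide's three steps, without prompts.
make_self_signed() {
    dir=$1 host=$2
    # genrsa writes the key unencrypted, so create it owner-readable only.
    ( umask 077; openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null ) || return 1
    # -subj supplies the answers that "req -new" would otherwise prompt for.
    openssl req -new -key "$dir/key.pem" -subj "/CN=$host" \
        -out "$dir/cert.csr" || return 1
    # Clients match the hostname against subjectAltName, so add it when signing.
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl x509 -req -days 365 -in "$dir/cert.csr" -signkey "$dir/key.pem" \
        -extfile "$dir/san.ext" -out "$dir/cert.pem" 2>/dev/null
}

# key_matches_cert KEY CERT: true if CERT carries KEY's public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# is_self_signed CERT: true if issuer and subject are the same name.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issr" ]
}

# has_san CERT HOST: true if HOST is listed exactly as a DNS subjectAltName.
has_san() {
    openssl x509 -in "$1" -noout -text | tr -d ' ' | tr ',' '\n' |
        grep -qxF "DNS:$2"
}

# valid_for_days CERT N: true if CERT will still be valid N days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
make_self_signed "$work" dev.example.test &&
    key_matches_cert "$work/key.pem" "$work/cert.pem" &&
    is_self_signed "$work/cert.pem" && has_san "$work/cert.pem" dev.example.test &&
    valid_for_days "$work/cert.pem" 364 && echo "cert.pem: all checks passed"
rm -rf "$work"
```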

During SSL certificate generation you might run into this error:


req -new -key C:\xampp\htdocs\generateSSL\key.pem -out C:\xampp\htdocs\generateSSL\cert.csr -config "C:\xampp\apache\conf\openssl.cnf"
problem creating object tsa_policy1=1.2.3.4.2
25396:error:08064066:object identifier routines:OBJ_create:oid exists:crypto\objects\obj_dat.c:698:
error in req

The error message suggests that the OID already exists in the OpenSSL object data file. This could happen if you have multiple OpenSSL installations on your system, or if there are other configuration files on your system that are using the same OID.

To fix this error, assign a different OID to the TSA policy object, choosing one that is not already defined in the OpenSSL object data file.

Here’s how you can do this:

  1. Open your OpenSSL configuration file in a text editor. In your case, the file is located at “C:\xampp\apache\conf\openssl.cnf”.
  2. Search for the section of the file that defines the TSA policy object. It should look something like this:

[tsa]
default_tsa = tsa_config1
[tsa_config1]
...
tsa_policy1 = 1.2.3.4.1
...

  3. Change the value of “tsa_policy1” to a different OID that is not already defined in the OpenSSL object data file. You can use any valid OID that starts with a number greater than 1. For example, you could change it to “1.2.3.4.999”.


[tsa]
default_tsa = tsa_config1
[tsa_config1]
...
tsa_policy1 = 1.2.3.4.999
...


  4. Save the changes to your configuration file and try running the OpenSSL command again.

This should resolve the error you’re seeing.

 
