Install OpenSSL on a windows machine

Support forum for Easy-RSA certificate management suite.

Post by dbest1010 » Mon Mar 31, 2014 3:47 pm

Here is the site with the information...
Install OpenSSL on a Windows machine

You can use OpenSSL on a Windows machine to perform some cryptographic operations (generation of a private key, of a CSR, certificate conversion...).

Access the official website: http://www.openssl.org/
Then download the "binary" program for Windows: > related > Binaries :
http://www.openssl.org/related/binaries.html

For cryptographic standard operations linked to certificates, the "Lite" version is sufficient. For certain versions of Windows (Windows 2000, Windows XP...) you will have to install "Visual C++ 2008 Redistributables" as well.

Use OpenSSL on a Windows machine

The standard installation of OpenSSL under Windows is made in "C:\OpenSSL-Win32" and the executable is stored in the subdirectory "bin". To execute the program via the Windows Command Prompt, provide the full path:
>C:\OpenSSL-Win32\bin\openssl ...

Version 1.0 of OpenSSL needs an "openssl.cnf" configuration file. Since the directory /usr/local/openssl is not present on Windows machines, specify a path to this configuration file with the -config parameter. We provide standard files at the bottom of this page. For example:
>C:\OpenSSL-Win32\bin\openssl -config "C:\Program Files\Apache Software Foundation\Apache2.2\conf\openssl.cnf"

If you still encounter the error:
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
openssl:Error: '-config' is an invalid command.

Execute the following command first:
set OPENSSL_CONF=c:\OpenSSL-Win32\bin\openssl.cnf

Concerning the version "OpenSSL v0.9.8t Light", there is no need for the openssl.cnf file; a default configuration will be taken into account.
To get (or renew or reissue) a certificate for Apache under Windows for example, you'll have to generate a CSR and its private key. To do so, we advise the use of our online wizard to execute the OpenSSL command with the adequate parameters.

Issues encountered on Windows while generating a CSR via one command

Depending on the version of OpenSSL you installed or on the installation method on Windows, you may encounter error messages such as:

config or req is not recognized as an internal or external command
Check the syntax and the quotes when executing your command.

Unable to load config info from /usr/local/ssl/openssl.cnf
OpenSSL relies here on a default Linux directory tree.
Troubleshooting: execute simplified commands:

Reminder:
- To launch the command prompt, go to the start menu and execute "cmd".
- To paste the following command lines in the DOS command prompt, right click and select paste.
- To go to the directory in which OpenSSL is installed, execute:
cd c:\
cd OpenSSL (or cd OpenSSL-Win32)
cd bin

The private key is generated with the following command. Define a file name that suits you:
C:\OpenSSL\bin\openssl.exe genrsa 2048 > site-file.key

then use this command to generate the CSR:
C:\OpenSSL\bin\openssl.exe req -new -key site-file.key > site-file.csr

or this one:
C:\OpenSSL\bin\openssl.exe req -new -key site-file.key -config "C:\OpenSSL\openssl.cnf" -out site-file.csr
On some platforms, the openssl.cnf file that OpenSSL reads by default to create the CSR is not the right one or does not exist. In that case download ours and store it in C:\OpenSSL\openssl.cnf:

For Symantec or Thawte server certificates: openssl-dem-server-cert-thvs.cnf
For TBS X509 or Comodo server certificates: openssl-dem-server-cert.cnf
You'll be asked by the system to fill in fields; fill them in and follow the instructions (more information on Obtain a server certificate)


Country Name (2 letter code) []: (FR for example)
State or Province Name (full name) [Some-State]: (the name of your state in full letters)
Locality Name (eg, city) []: (the name of your city)
Organization Name (eg, company) []: (the name of your organization)
Organizational Unit Name (eg, section) []: (leave blank - advised - or provide a generic term such as "IT department")
Common Name (eg, YOUR name) []: (the name of the site to be secured)
Email Address []: (leave blank)

Leave the other fields blank, they are optional.
You'll get 2 files: site-file.key and site-file.csr. Keep the private key file safe (site-file.key) and copy/paste the content of the site-file.csr file in the order form.
Warning: Do not ever give us or any other third party the private key file. It would then be compromised and the security of your site would be as well.
If You Have Any Questions Please Feel Free To e-Mail Me ( dbest1010@redpride.net ) or message me here on the OpenVPN Forums. And of course you can also comment, don't worry if you don't have any account, it's free and easy to sign up. :)
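
The key and CSR steps from the post above, as an added PowerShell example that is not part of the original post: it sets OPENSSL_CONF, writes the files with -out, locks down the key file and checks that the CSR matches the key before it is submitted. The C:\OpenSSL paths and file names follow the post; the icacls step and the modulus comparison are additions and assume an unencrypted RSA key as produced by genrsa.

```powershell
# Added example (not from the original post). Paths follow the post's
# C:\OpenSSL layout (an assumption); adjust them to the actual install directory.
$openssl = 'C:\OpenSSL\bin\openssl.exe'
$env:OPENSSL_CONF = 'C:\OpenSSL\openssl.cnf'   # same effect as "set OPENSSL_CONF=..." in cmd
$key = 'site-file.key'
$csr = 'site-file.csr'

if (-not (Test-Path $openssl)) { throw "openssl.exe not found at $openssl" }
if (-not (Test-Path $env:OPENSSL_CONF)) { throw "config file not found: $env:OPENSSL_CONF" }
if (Test-Path $key) { throw "$key already exists; refusing to overwrite a private key" }

# Use -out instead of ">" so the shell never re-encodes the PEM data
# (Windows PowerShell 5.1 writes redirected output as UTF-16).
& $openssl genrsa -out $key 2048
if ($LASTEXITCODE -ne 0) { throw 'genrsa failed' }

# Drop inherited permissions and leave the key readable by the current user only.
icacls $key /inheritance:r /grant:r "${env:USERNAME}:(R,W)" | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'could not restrict permissions on the key file' }

# Prompts for the subject fields (Country Name, Common Name, ...) as in the post.
& $openssl req -new -key $key -out $csr
if ($LASTEXITCODE -ne 0) { throw 'CSR generation failed' }

# Reports whether the CSR's self-signature verifies.
& $openssl req -in $csr -noout -verify

# The CSR must carry the public half of this key: the RSA moduli have to match.
$keyMod = & $openssl rsa -in $key -noout -modulus
$csrMod = & $openssl req -in $csr -noout -modulus
if ("$keyMod" -ne "$csrMod") { throw 'CSR does not match the private key' }

# Show the subject that will be submitted; only the .csr file leaves this machine.
& $openssl req -in $csr -noout -subject
```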
