Menu Share

Make an OpenSSL Certificate for Local Use

If you rather would like to make your own Root certificate and site certificates this is how you do it:

Download the OpenSSL package for your computer: OpenSSL for Windows and install.

Add the OpenSSL location to your Windows path environment variables:

Start > Settings > Control Panel > System > Advanced > Environment Variables > System variables > Path
And then add the bin directory, like: C:\openssl\bin

First you have to make a ROOT CA certificate, to later sign your other certificates with.

Open a command prompt and navigate to the location of the OpenSSL bin directory.

Type openssl and enter, you now have the OpenSSL prompt.

First, the key:

genrsa -out myrootca.key 4096

Then, create the CA certificate: (You get a lot of questions, just answer)

req -new -x509 -days 1826 -key myrootca.key -out myrootca.crt

1826 is the number of days the ROOT certificate will be valid.

Now you have to create a key for your domain, type:

genrsa -out yourdomain.dom.key 2048

Now, generate a CSR, Certificate Signing Request, (Fill out all the fields, your FQDN must be yourdomain.dom, dont use a password)

req -new -key yourdomain.dom.key -out yourdomain.dom.csr -sha256

Next, create the certificate and sign it with your root certificate:

x509 -req -days 360 -in yourdomain.dom.csr -CA myrootca.crt -CAkey myrootca.key -CAcreateserial -out yourdomain.dom.crt -sha256

That's it!

Now you have to import the root certificate, and add the yourdomain certificate and key to your XAMPP / WAMP server, and you have SSL enabled for your local machine.