Use OpenSSL to generate SSL certificate request on Windows

This HOWTO will help you generate a SSL certificate request for non-IIS machines, using the tool called OpenSSL. Below are the files that are required and instructions:

First you need OpenSSL, and the config file(right-click and 'Save Target As...') Copy the config file into the same location as the openssl.exe (usually c:program filesgnuwin32bin)

Next you will need to generate a key, on which the certificate request will be based on. to do this type:

openssl.exe genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key.unsecure
During the process of generating a key, it will ask for you to create a pass phrase. This pass phrase will be used when generating your certificate request, so don't loose it. The second command its for Windows compatibility.

The third step is to generate the certificate request itself, to do this type:

openssl.exe req -new -key server.key -config openssl.cnf -out server.csr
Follow through the on screen instructions and fill out all the fields with the proper information. The first thing it will ask for is the pass phrase that you used while generating the key file. When it asks for you to type in the domain, make sure that you type in the full domain name of the machine you are generating a key for.

Next you need to head over to Verisign and submit the csr file. You will be emailed a certificate. Save the certificate text as a .CRT which is the extension for certificates.

The last and final step is to take the email that verisign sends you and copy out the cert text block. Make sure that the encrypted text is on its own line (not he same line as the "-----BEGIN CERTIFICATE-----") Then run the following command.

openssl pkcs12 -export -in yourSavedCertificate.crt -inkey server.key.unsecure -out yourSavedCertificate.pfx -name "What you want this certificate to be called"
Simply import the CRT via MMC and your done.

Hope this helps...