Create a self signed certificate with OpenSSL

 

Start a Command Prompt (CMD) and browse to the directory where OpenSSL is installed.

openssl genrsa -des3 -out server.domain.local.key 2048
openssl req -new -key server.domain.local.key -out server.domain.local.csr -config C:\OpenSSL-Win32\bin\cnf\openssl.cnf

Provide the following information:

Country Name (2 letter code) [AU]: NL
State or Province Name (full name) [Some-State]: Noord-Holland
Locality Name (eg, city) : Amsterdam
Organization Name (eg, company) [Internet Widgits Pty Ltd: Company
Organizational Unit Name (eg, section) : Department
Common Name (e.g. server FQDN or YOUR name) : server.domain.local
Email Address : <empty>

Please enter the following ‘extra’ attributes to be sent with your certificate request
A challenge password : <empty>
An optional company name : <empty>

openssl x509 -req -days 3650 -in server.domain.local.csr -signkey server.domain.local.key -out server.domain.local.local.crt

openssl pkcs12 -export -in server.domain.local.crt -inkey server.domain.local.key -out server.domain.local.pfx

Copy <servername>.crt en <servername>.pfx to your server and use the Certificates Snap-In to import the certificate.

Note: If the Self-Signed Certificate is used on a Citrix XenDesktop/XenApp Controller to secure traffic between StoreFront and the Controller, you must bind the certificate to port 443. If IIS is not installed use ‘netsh’ to bind the certificate (read this article how to do it).

 

Leave a Reply

Het e-mailadres wordt niet gepubliceerd. Vereiste velden zijn gemarkeerd met *