Sometimes you need a self-signed certificate for the purpose of testing websites or digitally signing files such as PDFs. Your PDF software will probably ask you for a .pfx file. You can generate these on Windows, Mac or linux
On Windows
On windows, with Visual Studio, you can use the makecert utility:
cd "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\" .\makecert.exe -r -a sha512 -len 4096 -pe -sv c:\users\gerben\documents\example.key -n "CN=Test" c:\users\gerben\documents\example.cer .\pvk2pfx.exe -pvk c:\users\gerben\documents\example.key -spc c:\users\gerben\documents\example.cer -pfx c:\users\gerben\documents\example.pfx -po PasswordForPfxFile
Linux and Mac
Most linux and OSX machines have openssl installed by default. You can generate the various files as follows:
commandprompt> openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout example.key -out example.pem -subj "/C=NL/O=Tester/CN=example.com/emailAddress=test@example.com" commandprompt> openssl pkcs12 -export -out example.pfx -inkey example.key -in example.pem #openssl will ask you for a password. Don't forget it
This will output the following:
File | Description |
---|---|
example.key | Your private key. |
example.pem | The certificate. This also contains your public key |
example.pfx | An encrypted, password protected file that contains both your private and public key |
You can see your public key with the following command:
commandprompt> openssl x509 -in example.pem -pubkey -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC52G+QBJsz1m/rzINSjzABnLjQ 18c+PGMn+w0CxCHsOkIGBRYP80k8+ZznhlMJ2pJ7knM5McHUuYxfBaMU1GraTjS5 c0nb/5AbPR6iWM5rI/Ha02CMmZmSsspq2RhSZZU0Buco0sAqjf9KPn6/uuoNdvTe kDTMIH7cgB+NsJSadwIDAQAB -----END PUBLIC KEY-----
You can see the contents of your certificate using the following command:
commandprompt> openssl x509 -in example.pem -text Certificate: Data: Version: 3 (0x2) Serial Number: fd:22:40:d8:00:b8:68:fa Signature Algorithm: sha1WithRSAEncryption Issuer: C=NL, O=Tester, CN=example.com/emailAddress=test@example.com Validity Not Before: Apr 16 12:52:39 2015 GMT Not After : Apr 15 12:52:39 2016 GMT Subject: C=NL, O=Tester, CN=example.com/emailAddress=test@example.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:b9:d8:6f:90:04:9b:33:d6:6f:eb:cc:83:52:8f: 30:01:9c:b8:d0:d7:c7:3e:3c:63:27:fb:0d:02:c4: 21:ec:3a:42:06:05:16:0f:f3:49:3c:f9:9c:e7:86: 53:09:da:92:7b:92:73:39:31:c1:d4:b9:8c:5f:05: a3:14:d4:6a:da:4e:34:b9:73:49:db:ff:90:1b:3d: 1e:a2:58:ce:6b:23:f1:da:d3:60:8c:99:99:92:b2: ca:6a:d9:18:52:65:95:34:06:e7:28:d2:c0:2a:8d: ff:4a:3e:7e:bf:ba:ea:0d:76:f4:de:90:34:cc:20: 7e:dc:80:1f:8d:b0:94:9a:77 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: B4:82:EE:F5:8A:75:34:82:BD:23:03:3B:96:E4:A9:AE:B7:3B:5F:A9 X509v3 Authority Key Identifier: keyid:B4:82:EE:F5:8A:75:34:82:BD:23:03:3B:96:E4:A9:AE:B7:3B:5F:A9 DirName:/C=NL/O=Tester/CN=example.com/emailAddress=test@example.com serial:FD:22:40:D8:00:B8:68:FA X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption 76:27:e2:e6:07:a2:cd:db:3a:6a:14:f4:a1:17:8e:7e:ff:97: da:b4:78:29:a1:33:be:ca:49:5f:26:83:6c:f8:40:9e:65:67: 91:ae:b8:14:5c:09:85:7f:e6:a0:6d:bb:a5:7d:e7:16:2e:c9: 6b:86:39:16:74:6f:e6:5c:40:8a:a0:4e:ec:eb:70:1a:85:e4: a1:7c:21:e1:a5:71:76:3b:dc:43:74:f2:ee:a7:eb:d2:f9:5b: 44:3e:26:7a:f8:e8:c7:40:c9:71:b9:e7:ad:93:8d:69:00:69: 16:e2:fb:e5:6d:45:b2:fb:8f:df:fc:2b:c7:a9:58:59:35:22: 56:7f -----BEGIN CERTIFICATE----- MIIC4TCCAkqgAwIBAgIJAP0iQNgAuGj6MA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNV BAYTAk5MMQ8wDQYDVQQKEwZUZXN0ZXIxFDASBgNVBAMTC2V4YW1wbGUuY29tMR8w HQYJKoZIhvcNAQkBFhB0ZXN0QGV4YW1wbGUuY29tMB4XDTE1MDQxNjEyNTIzOVoX DTE2MDQxNTEyNTIzOVowVTELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRlc3RlcjEU MBIGA1UEAxMLZXhhbXBsZS5jb20xHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBs ZS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALnYb5AEmzPWb+vMg1KP MAGcuNDXxz48Yyf7DQLEIew6QgYFFg/zSTz5nOeGUwnaknuSczkxwdS5jF8FoxTU atpONLlzSdv/kBs9HqJYzmsj8drTYIyZmZKyymrZGFJllTQG5yjSwCqN/0o+fr+6 6g129N6QNMwgftyAH42wlJp3AgMBAAGjgbgwgbUwHQYDVR0OBBYEFLSC7vWKdTSC vSMDO5bkqa63O1+pMIGFBgNVHSMEfjB8gBS0gu71inU0gr0jAzuW5KmutztfqaFZ pFcwVTELMAkGA1UEBhMCTkwxDzANBgNVBAoTBlRlc3RlcjEUMBIGA1UEAxMLZXhh bXBsZS5jb20xHzAdBgkqhkiG9w0BCQEWEHRlc3RAZXhhbXBsZS5jb22CCQD9IkDY ALho+jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAHYn4uYHos3bOmoU 9KEXjn7/l9q0eCmhM77KSV8mg2z4QJ5lZ5GuuBRcCYV/5qBtu6V95xYuyWuGORZ0 b+ZcQIqgTuzrcBqF5KF8IeGlcXY73EN08u6n69L5W0Q+Jnr46MdAyXG5562TjWkA aRbi++VtRbL7j9/8K8epWFk1IlZ/ -----END CERTIFICATE-----