“OpenSSL” is a command line utility used to install SSL/TLS certificates, view certificates, create CSRs, or generate private keys. However, its major role is to create or generate SSL certificates. “OpenSSL” can be installed on Windows using PowerShell. Moreover, the files in PowerShell can be encrypted or decrypted using “OpenSSL”.
The following article will spotlight the “OpenSSL” topic in detail.
The Remarkable OpenSSL on Windows 10 (PowerShell)
These topics will be approached in this guide:
- Install OpenSSL on Windows 10 (PowerShell).
- Set up a working directory.
- Configure OpenSSL.
- Update environment variables using PowerShell.
- Generate CSR.
- Generate a private key.
- Create a Self-Signed SSL certificate.
- Verify the certificate, CSR, key or private key.
How to Perform the Installation of OpenSSL on Windows 10 (PowerShell)?
The prerequisite to install “OpenSSL” on Windows is to install chocolatey first by executing the given code:
After installing chocolatey, execute the given code to install OpenSSL:
How to Set up a Working Directory?
Setting up a working directory includes creating the folder “C:\certs” which will store all the certificates:
In the above code snippet:
- At first, write the cmdlet “New-Item”.
- Then, add the “-ItemType” parameter and assign the value “Directory” to it.
- After that, add another parameter “-Path” and specify the target path where the files will be stored:
How to Configure OpenSSL?
Let’s configure the “OpenSSL” to download the files of configuration and store them in the current working directory. For that reason, execute the given code:
According to the above line of code:
- First, write the “Invoke-WebRequest” cmdlet and specify the configuration file URL to download it.
- Then, add the “-OutFile” cmdlet and assign it the target file path where these files will be stored:
How to Update Environment Variables Using PowerShell?
Environment variables can be updated by executing the given lines of code:
'$env:openssl_conf = "C:\Certs\openssl.cnf"' | Out-File $profile -Append
In the above code snippet:
- In the above-stated code, first, specify the target file path followed by the pipeline “|”, which is used to transfer the output of the previous code to the next.
- Then, add the “Out-File” cmdlet along with the variable “$profile” and define the parameter “-Append” at the end to append the environment variables to the existing path.
- In the next line, first specify the “$env:openssl_conf”, and first assign it the specified certificate path, followed by the pipeline “|”.
- After that, write the “Out-File” cmdlet, followed by the “$profile” variable, and add the “-Append” parameter to add the data into the existing configuration file:
How to Generate CSR?
The CSR(Certificate Signing Request) file can be generated by the execution of the given code:
In the above code snippet:
- First, add the “openssl” cmdlet and then mention the “req” cmdlet.
- Then, specify two parameters “-new” and “-out”.
- Lastly, write the file name and the extension. The “.csr” file will be stored in the current working directory:
How to Generate a Private Key?
A private key is sometimes called the “key pair”. It can be utilized in functions that needs the usage of public keys or parameters. The OpenSSL is commonly used to generate/create private keys:
In the above code snippet:
- First, write the “openssl” cmdlet followed by the “genrsa”.
- Then, write the “-out” parameter and assign the “rsa.private” value which is the file name and the extension.
- Lastly, add file size which is “2048”:
How to Create/Generate a Self-Signed SSL Certificate by Utilizing OpenSSL?
The “Self-Signed” SSL certificate is not signed by a trusted authority or organization. As its name suggests, it is signed by a single individual. These certificates are not considered secure certificates. To create a “Self-Signed” SSL certificate simply execute the given code:
In the above code snippet:
- First, add the “openssl” cmdlet followed by the “req” parameter.
- Then, add the parameters including “-x509”, “-sha256”, “-nodes” and the “-days”.
- Assign the “-days” parameter the value “365” which is equivalent to one year.
- After that, define the “-newkey” parameter and assign the value “rsa:2048”.
- Add another parameter “-keyout” and assign the value “key” to create the private key.
- Lastly, write the “-out” parameter and assign the target file path along with the name and extension:
How to Verify the Certificate, CSR, Key, or Private Key?
The created certificates can be verified by executing the below line of code:
According to the above code:
- First, write the “openssl” cmdlet followed by the “req” cmdlet.
- Then, add the parameters including “-text”, “-noout”, “-verify” and “-in”.
- Lastly, add the target file path, name, and extension:
That was all about installing and using “OpenSSL” on Windows 10.
Conclusion
The “OpenSSL” on Windows is the command line utility that helps in creating, viewing, or installing SSL/TLS certificates. Moreover, it can also help in creating private keys and generating CSR. It is not a built-in feature on Windows but needs to be installed manually. This blog has covered “OpenSSL” in detail, providing every detail of it.
