We're going to see here how to create a self-signed SSL certificate, so that we can use it for various tasks ( Remote Desktop Connection, Web Server, EMail Server, etc ... )
We will use OpenSSL for this task. I'll explain the software installation and the certificate creation tasks using a Windows 7 x64 OS
As it is self-signed, it is cryptographically strong (AES256 / RSA4096 ), but can be compromised by a high-grade attack ( needing either physical access to the server or Man in the middle attack ).
So purchasing a real authored certificate may be a good professionnal choice, if such a level of attack is to be feared.
If you don't want to build OpenSSL yourself, there are some ready binaries.
I use this one :
which is linked from the official www.openssl.org webpage.
For a little ease of mind, a virus total scan is possible.
We only need the Light version, and it has an installer.
The latest version for x64 is Win64OpenSSL_Light-1_0_1e at the time of this writing.
We probabaly need the Windows 2008 redistributable, so we get it too, the link is on the same webpage( vcredist_x64 here )
If you get a warning trying to install OpenSSL, first install the 2008 Redistributable
Creating a certificate and private key with OpenSSL
we launch the command line with admin rights
we navigate to the OpenSSL bin folder ( likely C:\OpenSSL-Win64\bin\ )
we generate the Private Key :
openssl genrsa -des3 -out certificate.key 4096
take good note of your passphrase ( let's call it [passphrase1] )
we create the Certificate Signing Request :
openssl req -new -key certificate.key -out certificate.csr
the first question about [passphrase1]
we create the certificate :
openssl x509 -req -days 365 -in certificate.csr -signkey certificate.key -out certificate.crt
the first question is about [passphrase1]
if we want to remove the password from the Private Key :
openssl rsa -in certificate.key -out certificate.key
( the asked password is [passphrase1] )
We can now go to the \OpenSSL-Win64\bin\ folder and get :
the Certificate ( certificate.crt )
the Private key ( certificate.key )
We're using Self Signed Certificates, so softwares and antivirus will rightfull try to make us not using them. So we have to use temporary or permanent exceptions to deal with this.