Didier Stevens

I explain how to create certificates with OpenSSL on your Windows computer in my blog post “How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded)“.

If you can’t or don’t want to install OpenSSL, there is a solution now with Web OpenSSL.

With Web OpenSSL, you can just run OpenSSL and the commands in your browser, like this (for more info on these commands , read my blog post).

Go to Web OpenSSL:

Scroll down a bit:

Click “Enter split screen”. You will now have a command-line interface to the left and the folder with files to the right:

Enter this command:

openssl genrsa -out ca.key 4096

Notice that 2 files have been created. You can take a look at them, for example ca.key:

Enter this command and answer the questions:

openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

Enter this command:

openssl genrsa -out ia.key 4096

Enter this command and answer the questions:

openssl req -new -key ia.key -out ia.csr

Create a text file named altname.cnf and enter your domain name, this is the content for my domain name: subjectAltName=DNS:www.didierstevens.com

Upload this file (button Browse in Files) and check it was properly uploaded:

Enter this command:

openssl x509 -req -days 730 -in ia.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out ia.crt -extfile altname.cnf

Enter this command:

openssl pkcs12 -export -out ia.p12 -inkey ia.key -in ia.crt -chain -CAfile ca.crt

You can then download all your files:

Verify and start using them:

If you want to understand what these commands exactly do, read my blog post “How-to: Make Your Own Cert With OpenSSL on Windows (Reloaded)“.