JOIN OUR AFFILIATE NETWORK

Join our affiliate network and become a local SSL expert

♦ learn more about our program ♦
Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Heartbleed security vulnerability - OpenSSL 1.0.1 -> See here

Install OpenSSL on a windows machine

To perform certain cryptographic operations (creation of a private key, generation of a CSR, conversion of a certificate ...) on a Windows computer we can use the OpenSSL tool.

  • Go to this website: Download link for OpenSSL

  • Go down in the page and choose the version (in .EXE):
    • Win64 OpenSSL v1.X.X Light : if your OS is 64 bits
    • Win32 OpenSSL v1.X.X Light : if your OS is 32 bits

  • For some versions of Windows systems, you may need to install "Visual C ++ 2008 Redistributable".

Use OpenSSL on a Windows machine

By default, OpenSSL for Windows is installed in the following directory:

  • if you installed Win64 OpenSSL v1.X.X Light : c:\OpenSSL-Win64\
  • if you installed Win32 OpenSSL v1.X.X Light : c:\OpenSSL-Win32\

To launch OpenSSL, open a command prompt with administrator rights.

b)Generate the private key (.key) and the CSR (Certificate Signing Request)

To get a new certificate (or a renewal or a reissuance) you'll have to generate a new private key and a new CSR. To do so, we advise you to use our online wizard to execute the OpenSSL command with the adequate parameters.

Example of the command to execut:
C:\OpenSSL-Win32\bin\openssl.exe req -new -newkey rsa:2048 -nodes -out www.mywebsite.com.csr -keyout www.mywebsite.com.key -subj "/C=US/ST=England/L=London/O=My organization/CN=www.my-website.com"

Save and keep safe the file containing the private key (.key, and copy / paste only the contents of the file .csr file in the order form.

Issues encountered on Windows while generating a CSR via one command

According to the version of OpenSSL you installed or to the the installation method on Windows, you may encounter error messages such as:

  • config or req is not recognized as an internal or external command
    Check the syntax and the quotes when executing your command.

  • Unable to load config info from /usr/local/ssl/openssl.cnf
    OpenSSL relies here on a Linux default arborescence.

Troubleshooting: execute simplified commands:

Reminder:
- To launch the command prompt, go to the start menu and execute "cmd".
- To paste the following command lines in dos command prompt, right click and select paste.
- To go to the repertory in which is installed OpenSSL, execute:

cd c:\
cd OpenSSL (ou cd OpenSSL-Win32)
cd bin

  • The private key is generated with the following command. Define a file name that suits you:
    C:\OpenSSL\bin\openssl.exe genrsa 2048 > site-file.key

  • then use this command to generate the CSR:
    C:\OpenSSL\bin\openssl.exe req -new -key site-file.key > site-file.csr

    or this one:
    C:\OpenSSL\bin\openssl.exe req -new -key site-file.key -config "C:\OpenSSL\openssl.cnf" -out site-file.csr

    On some platforms, theopenssl.cnf file that OpenSSL reads by default to create the CSR is not the right one or does not exist. In that case download ours and store it in C:\OpenSSL\openssl.cnf:


  • You'll be asked by the system to fill-in fields ; Fill them in and respect the instructions (more information onObtain a server certificate)


    Country Name (2 letter code) []: (FR for example)
    State or Province Name (full name) [Some-State]: (the name of your state in full letters)
    Locality Name (eg, city) []: (the name of your city)
    Organization Name (eg, company) []: (the name of your organization)
    Organizational Unit Name (eg, section) []: (let blank - advised - or provide a generic term such as "IT department")
    Common Name (eg, YOUR name) []: (the name of the site to be secured)
    Email Address []: (let blank)

    Let the other fields blank, they are optional.

So you get 2 files: site-file.key and site-file.csr. Keep the private key file (site-file.key) securely, then copy / paste the content of the site-file.csr file into the order form at TBS CERTIFICATES.
Warning: Never send us or a third party the private key (site-file.key) otherwise the security of your site may no longer be ensured.

OpenSSL: cases of uses

OpenSSL is the toolbox mainly used by opensource software for SSL implementation.