Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Heartbleed security vulnerability - OpenSSL 1.0.1 -> See here

Install OpenSSL on a windows machine

To perform certain cryptographic operations (creation of a private key, generation of a CSR, conversion of a certificate ...) on a Windows computer we can use the OpenSSL tool.

  • Go to this website: Download link for OpenSSL

  • Go down in the page and choose the version (in .EXE):
    • Win64 OpenSSL v1.X.X : if your OS is 64 bits
    • Win32 OpenSSL v1.X.X : if your OS is 32 bits

  • For some versions of Windows systems, you may need to install "Visual C ++ 2008 Redistributable".

Use OpenSSL on a Windows machine

By default, OpenSSL for Windows is installed in the following directory:

  • if you have installed Win64 OpenSSL v1.X.X: C:\Program Files\OpenSSL-Win64\
  • if you have installed Win32 OpenSSL v1.X.X: C:\Program Files (x86)\OpenSSL-Win32\

To launch OpenSSL, open a command prompt with administrator rights.

b)Generate the private key (.key) and the CSR (Certificate Signing Request)

As part of obtaining (or renewing or reissue) a certificate, you will have to generate a private key and the associated CSR. To do this we advise you to use our online wizard to execute the OpenSSL command with the adequate parameters.
Open a command prompt with Administrators rights (right click - Run as ...). Go to the "bin" subdirectory from the OpenSSL installation folder.

Example of the command to execut:
openssl req -new -newkey rsa:2048 -nodes -out www.mywebsite.com.csr -keyout www.mywebsite.com.key -subj "/C=FR/ST=Calvados/L=CAEN/O=Mon organisation/CN=www.mywebsite.com"

Save and keep safe the file containing the private key (.key, and copy / paste only the contents of the file .csr file in the order form.

Issues encountered on Windows while generating a CSR via one command

According to the version of OpenSSL you installed or to the the installation method on Windows, you may encounter error messages such as:

  • config or req is not recognized as an internal or external command
    Check the syntax and the quotes when executing your command.

  • Unable to load config info from /usr/local/ssl/openssl.cnf
    OpenSSL relies here on a Linux default arborescence.

Troubleshooting: execute simplified commands:

Reminder:
- To launch the command prompt, go to the start menu and execute "cmd".
- To paste the following command lines in dos command prompt, right click and select paste.
- To go to the repertory in which is installed OpenSSL, execute:

cd c:\
cd "Program Files" (or cd "Program Files(x86)")
cd OpenSSL-Win64 (or cd OpenSSL-Win32)
cd bin

  • The private key is generated with the following command. Define a file name that suits you:
    openssl genrsa 2048 > website-file.key

  • then use this command to generate the CSR:
    openssl req -new -key website-file.key > website-file.csr

    or this one:
    openssl req -new -key website-file.key -config "C:\Program Files\OpenSSL-Win64\openssl.cnf" -out website-file.csr

    On some platforms, theopenssl.cnf that OpenSSL reads by default to create the CSR is not good or nonexistent. In this case you can download our and place it, for example, in C:\Program Files\OpenSSL-Win64\openssl.cnf:


  • You'll be asked by the system to fill-in fields ; Fill them in and respect the instructions (more information onObtain a server certificate)


    Country Name (2 letter code) []: (FR for example)
    State or Province Name (full name) [Some-State]: (the name of your state in full letters)
    Locality Name (eg, city) []: (the name of your city)
    Organization Name (eg, company) []: (the name of your organization)
    Organizational Unit Name (eg, section) []: (let blank - advised - or provide a generic term such as "IT department")
    Common Name (eg, YOUR name) []: (the name of the site to be secured)
    Email Address []: (let blank)

    Let the other fields blank, they are optional.

So you get 2 files: site-file.key and site-file.csr. Keep the private key file (site-file.key) securely, then copy / paste the content of the site-file.csr file into the order form at TBS CERTIFICATES.
Warning: Never send us or a third party the private key (site-file.key) otherwise the security of your site may no longer be ensured.

OpenSSL: cases of uses

OpenSSL is the toolbox mainly used by opensource software for SSL implementation.