search

Generate a Self-Signed Certificate

This kind of certificate is good when you don't need a globally signed certificate issued by a certificate authority such as Verisignarrow-up-right. You can use a self-signed certificate for development purposes or for private use in your intranet network or over the internet. You can use OpenSSLarrow-up-right to generate the certificate files.

First, download and install OpenSSL Windows binaries from https://slproweb.com/products/Win32OpenSSL.html (the lite version is recommended). After installing it, open a command prompt and follow the instructions below.

1

hashtag
Create or export a Root certificate

If you already have a root certificate installed in Windows you can export it instead of generating a new one:

  • Go to Control Panel -> Internet Options -> Content -> Certificates.

  • Select the root certificate you want to export.

  • Choose the base64 format and select folder and file name to export.

This will export your root certificate in .cer format which you can safely rename to .pem.

Alternatively, to create a root certificate from scratch:

  1. Start a command prompt with administrative privileges.

  2. Generate a root private key:

Generate root key
openssl genrsa -out root.key 1024

  • This creates root.key with a 1024-bit key. Other options are 2048 and 4096.

If you want to create a root key protected by a password, use:

Generate password-protected root key
openssl genrsa -des3 -out root.key 1024

  1. Self-sign the root certificate:

If the root key is not password protected:

Self-sign root certificate (no password)
openssl req -x509 -days 365 -new -nodes -key root.key -out root.pem

If the root key is password protected:

Self-sign root certificate (with password)
openssl req -x509 -days 365 -new -key root.key -out root.pem

You will be prompted to provide the Distinguished Name (DN) fields (Country, State, Locality, Organization, Organizational Unit, Common Name, Email). Example prompts:

  • Country Name (2 letter code) [AU]: TR

  • State or Province Name (full name) [Some-State]: Ankara

  • Locality Name (eg, city) []: Cankaya

  • Organization Name (eg, company) [Internet Widgits Pty Ltd]: FMSoft

  • Organizational Unit Name (eg, section) []: R&D

  • Common Name (eg, YOUR name) []: Farshad Mohajeri

  • Email Address []: [email protected]

This produces root.pem in the current folder. This file will be used by your uniGUI server.

circle-info

The -days 365 option specifies the number of days the certificate will remain valid. Adjust as needed.

2

hashtag
Generate a self-signed server key and certificate

This step produces key.pem and cert.pem.

Run the following command to generate a new private key and a self-signed certificate in one step (no password on the private key):

Generate key.pem and cert.pem (no password)
openssl req -x509 -days 365 -nodes -newkey rsa:1024 -keyout key.pem -out cert.pem

You will be prompted for DN fields as in the root certificate creation.

If you want the private key protected by a password, use:

Generate key.pem and cert.pem (with password)
openssl req -x509 -days 365 -newkey rsa:1024 -keyout key.pem -out cert.pem

In that case you will be prompted to enter and verify a PEM pass phrase. If you assign a password, that password should be set to the SSL->SSLPassword parameter of UniServerModule (see https://unigui.com/doc/online_help/configure_unigui_server.htm).

When all above procedures are completed you will have three files:

  • root.pem

  • key.pem

  • cert.pem

Place these three files in the same folder as your server executable binary to run your project in SSL mode.

AnteriorGetting a SSL certificate from GoDaddyPróximoConfigure SSL Parameters