Win OpenSSL Tutorial

ok here im going to talk about how to create a ssl certificate so you can use it free with filezilla other uses are creating secure webpages and encrypting email 

first step download winopenssl from slproweb.com/products/win32openssl.html

Find the version you would like for your os i think 32 will work on 64 bit but 64 deffinatly will not work on 32 i used the 64 bit and as far as doing all this its the same as the 32 when working with it.

then download also the Visualc++ you need for your system also this probably is os specific 32 will not work on 64 most likely and you dont have to have this but to not get an error when installing you will want this there maybe other things that openssl needs visualc++ in order to do this stuff but watching a video on it they did not need it.

now install the visualc++ then install openssl you can hit next till you get to how you want to copy the dlls to the best and easyest way is to copy to the /bin directory.

then after that you want to goto computer and right click>properties>advanced system setting then click on the button Environment Variables... 

then in the system variables area click new for the name you cant put anything i put openssl cfg so if in the future i need to remember what this is or what i did it will be there.

Then variable value location default is

c:\OpenSSL\bin\openssl.cfg and hit ok.

This will allow openssl to access the .cfg file

now create a folder in c:\openssl called mycerts

This will give you a clean place to have your certs in also easy to find when needing to move these for servers or if you want to get the cert verified by verisign or who ever else.

now open cmd the way i open it is by hitting the windows key + r this will open run then type cmd

now you want to change your working directory by typing 

cd C:\openssl\mycerts 

if you installed the folders to a different drive you will need to change the drive letter first and you can do that just by typing the letter like this d:

nowneed for cd to change drive if you use cd it will not work properly.

no we need to open openssl we do this by typing.

c:\openssl\bin\openssl

Now to create our certs first one will be the server.key some steps labbled may not be needed but threw the stuff i had to digg into and to get my ftps server working these are the steps. 

type

genrsa -des3 -out server.key 2048 <note> the part before .key can be any name

then enter a passphase whatever youd like this secures the file puts a password in order to change the rest.

Now to create a certificate sighning request

we do this by typing

req -new -key server.key -out server.csr

enter the passphrase used to create the server.key

now enter the stuff people will see when they are asked to accept the key

example since i live in north pole alaska and i made up a company TheKypt not sure if you can just hit enter and leave it blank and common name will be your server name like if it was google theyd put google.com 

US

Alaska

Northpole

TheKrypt

IT

SuperKrypt

xfallenxcripplex@gmail.com

then enter challenge password different from what your server.key was

This will be used to sign the cert using this cert csr means certificate signing request.

this cert can be all you need to send to verisighn or whoever to give you a cert to use on your server to create encryption.

but openssl has the ability to sighn its self and we do that by typing:

genrsa -des3 -out ca.key 2048

again create a  passphrase

now to create a self signed certificate authority to sign server.key

by type

req -new -x509 -days 365 -key ca.key -out ca.crt

Then again the certificate attributes they can be the same as before this will show who the first key is signed from so be best they match i think but video i watched had a good take on it also.

now to use this to sign the server.key we type

x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set.serial 01 -out server.crt

now type the passphrase you used for creating ca.crt

now you have server.crt this is what you will need in most basic servers atleast what i used for filezilla ftps

now if your running a ii56 web server you can convert this key to a .pfx

by typing

pkcs12 -export -in server.crt -inkey server.key -out server.pfx -name "servercert"

now we are going to install a prog that uses this cert to encrypt our data from prying eyes i first used this and needed this for creating a ftp server and i used Filezilla for this.

Also just about all command line programs have a help file for winopenssl just type help and it will give you a list of commands that are usuable there not explaines very well but after using thses type of programs you can kinda figure out what does what and how to use it.