How to Generate Private key and CSR on Windows to Obtain SSL Certificate | Private Key | CSR Certificate Signed Authority |

To obtain an SSL certificate you required Private key for your server and a CSR to upload on the SSL provider panel so that you can obtain your SSL certificate from there.

1. Download Openssl for windows and install the same using simple next, next finish steps.

2. Now Openssl is installed on your system, Open Command prompt and go inside the directory where you want to obtain an SSL certificate.

cd "directory name"

3. Type command "openssl genrsa -des3 -out server.pass.key 2048" to generate private key.

Note - It will ask for the password so enter a good password.

The "private key " will be generated in your desired directory.

4. Now you can convert this file into your server.key file as below.


D:\SSL>openssl rsa -in server.pass.key -out server.key
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Enter pass phrase for server.pass.key:
writing RSA key


D:\SSL>

You have a server.key now as a private key file in your current working directory.

5. You have private key with you and you can generate CSR with the help of this private key. you need to use command "openssl req -nodes -new -key server.key -out server.csr" for this as below.

D:\SSL>openssl req -nodes -new -key server.key -out server.csr
Loading 'screen' into random state - done
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Haryana
Locality Name (eg, city) []:delhi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:abc pvt ltd.
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:www.example.com
Email Address []:test@gmail.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

D:\SSL

Note :- It will ask for the country code, state, city, organization name, unit email address and domain name as above.  Fill all the details as above. You can leave blank the password.

Now you have done, Upload this CSR on your SSL provider such as Comodo godaddy, etc. and obtain the SSL certificate.