Download and install the win32 distribution of OpenSSL from Shining Light Productions here
Follow the installation instructions and install OpenSSL accepting the defaults.
The default installation path is C:\OpenSSL
Add C:\OpenSSL\bin to your system path (Control Panel, System, Advanced, Environment Variables, System Variables)
By default, the installation references C:\OpenSSL\bin\openssl.cnf via an environment variable created during installation, called OPENSSL_CONF but this mini-howto uses a custom openssl.conf placed in C:\OpenSSL
Download this openssl.conf (this is a zip, you will need to extract it) and place it in C:\OpenSSL.
Note: All commands to be typed at the prompt are highlighted
Create working directories:
C:\OpenSSL> md keys C:\OpenSSL> md certs C:\OpenSSL> md requests
Create an empty file called database.txt – this will maintain a list of all certs you create.
C:\OpenSSL> copy con database.txt ^Z C:\OpenSSL>
Create a file called serial.txt with 01 as the content (this will maintain a count of certs created)
C:\OpenSSL> copy con serial.txt 01 ^Z C:\OpenSSL>
Set up a Certificate Authority (CA)
Note: All the following commands are run from C:\OpenSSL
openssl genrsa -des3 -out keys/ca.key 1024
Next, create a master certificate based on this key, to use when signing certificates:
openssl req -config openssl.conf -new -x509 -days 999 -key keys/ca.key -out certs/ca.cer
This will create a CA certificate valid for 999 days, and store it as C:\OpenSSL\certsca.cer
Convert the certificate for use with iis:
openssl x509 -in certs/ca.cer -outform DER -out certs/ca.der
See Microsoft Article ID :228821 for details on how to create a certificate request in iis.
Save the generated certificate request in C:\OpenSSL\requestscertreq.txt
Sign the certificate request:
openssl ca -policy policy_anything -config openssl.conf -cert certs/ca.cer -in requests/certreq.txt -keyfile keys/ca.key -days 360 -out certs/iis.cer
Install the new certificate into IIS following the instructions given in Microsoft Article ID :228836 Installing a New Certificate with Certificate Wizard for Use in SSL/TLS