Create a self signed certificate in Windows [Full Guide]

Tashreef Shareef
by Tashreef Shareef
Windows & Software Expert
Tashreef Shareef is a software developer turned tech writer. He discovered his interest in technology after reading a tech magazine accidentally. Now he writes about everything tech from Windows to iOS and streaming services... Read more
Affiliate Disclosure
  • The process of adding an SSL certificate to your website is pretty straight-forward, and this guide will help.
  • We also discuss the 3 most efficient ways to either purchase an SSL certificate, use an open-source SSL, or create your own.
  • Explore our Site Owner Hub for more useful guides on this topic.
  • Consider bookmarking our detailed Certificate Error section to ensure you'll never be overwhelmed by this type of issue.


Self signed OpenSSL certificate

Adding an SSL certificate to your website is a straightforward process. You can either purchase a third-party SSL certificate and renew it on a yearly basis or use an open-source SSL certificate and create a corn job to renew it every month.

However, for development and testing, you can explore the possibility of creating a self-signed SSL certificate in Windows.


WP-Engine Best WordPress hosting sale-coupon Check offer!
Bluehost 33% off for a three-year plan Check offer!
InMotion Start a website at 2.49$ per month Check offer!
GoDaddy Currently at 50% discount Check offer!
Siteground Get a plan at a half-price Check offer!

Creating a self-signed certificate is an excellent alternative to purchasing and renewing a yearly certification for testing purposes. You can make use of OpenSSL to generate a self-signed certificate for this purpose.

In this article, we explore how to create a self-signed certificate in Windows. The later part of the article also explores how to deploy the self-signed certificate to client machines.

Quick Tip:

Although you can save some money if you create a self-signed certificate, it may lead to a permanent block of your website for some users. This is caused by the certificate error message and in most cases cannot be undone.

Besides that, the process is time-consuming and really not worth your time which also has a certain cost. We strongly recommend using a 3rd party SSL service provider.

GoDaddy SSL Certificates

GoDaddy SSL Certificates

GoDaddy is one of the best web hosting providers that also offers affordable SSL certificates.

Check price
Visit website

Generate self-signed certificate in Windows 10

Use OpenSSL to create a self-signed certificate

Install OpenSSL

Create a self-signed certificate
  1. Download the latest OpenSSL windows installer from a third-party source.
  2. Run the installer. OpenSSL requires Microsoft Visual C++ to run. The installer will prompt you to install Visual C++ if it is already not installed.
  3. Click Yes to install.
  4. Run the OpenSSL installer again and select the installation directory.
  5. Click Next.
  6. Open a command prompt and type OpenSSL to get OpenSSL prompt.

Create a public/private key file pair

Create a self-signed certificate
  1. Make sure you have OpenSSL installed.
  2. Open Command Prompt and create a new directory on your C drive:
    C: >cd Test
  3. Now go to the new directory:
    C: Test>
  4. Now you need to type the path of the OpenSSL install directory followed by the RSA key algorithm.
    C: Test>c:opensslbinopenssl genrsa -out privkey.pem 4096
  5. Run the following command to split the generated file into separate private and public key files:

C: Test>c:opensslbinopenssl ssh-keygen -t rsa -b 4096 -f privkey.pem

Once you have the public/private key generated, follow the next set of steps to create a self-signed certificate file on a Windows system.

Create a self-signed certificate

Create a self-signed certificate
  1. Open a Command Prompt window.
  2. Go to the directory that you created earlier for the public/private key file.
    C: Test>
  3. Enter the path of the OpenSSL install directory, followed by the self-signed certificate algorithm:
    C: Test>c:opensslbinopenssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
  1. Follow the on-screen instruction.
  2. You need to enter information about your organization, region, and contact details to create a self-signed certificate.

If you would rather use PowerShell to create a self-signed certificate, follow the next set of steps instead.

Windows Server could not create SSL/TLS secure channel error

Create a Self-Signed Certificate Using PowerShell

Create a self-signed certificate
  1. Open PowerShell as administrator. Press the Windows key, type Powershell. Right-click on PowerShell and select Run as Administrator.
  2. Run the New-SelfsignedCertificate command, as shown below.
    $cert = New-SelfSignedCertificate -certstorelocation cert:localmachinemy -dnsname
  3. This will add the certificate to the locater store on your PC. Replace with your domain name in the above command.
  4. Next, create a password for your export file:
    $pwd = ConvertTo-SecureString -String ‘password!’ -Force -AsPlainText
  5. Replace Password with your own password.
  6. Enter the following command to export the self-signed certificate:
    $path = 'cert:localMachinemy' + $cert.thumbprint Export-PfxCertificate -cert $path -FilePath c:tempcert.pfx -Password $pwd
  7. In the above command replace c:temp with the directory where you want to export the file.
  8. You can import the exported file and deploy it for your project.

How to add my self-signed certificate into curls ca file on windows

Self Signed OpenSSL certificate
  1. Once you have created a self-signed certificate and installed it, you may want cURL to trust the certificate as well.
  2. The later versions of cURL don’t include a trusted listed a .pem file. You can download the .pem file and type the following command in the php.ini file.
    curl.cainfo = "C:xamppphpcacert.pem"
  3. Once done, you need to get cURL to trust your self-signed certificate. To do this, open your server.crt file. The file is created when you created your self-signed certificate.
  4. Copy all the content of the server.crt file and then add it to the cacert.pem file.

Creating a self-signed certificate using OpenSSL can be done using the Command Prompt or PowerShell. Being able to create your self-signed certificate allows you to create a temporary certificate for in-development projects that require an SSL certificate.

Frequently Asked Questions

  • Yes. You can create your own SSL certificate using OpenSSL for local project development. However, these certificates are not trusted by the web browser and operating system since it is not from a Certificate Authority.

  • You can generate a self-signed certificate using Windows Server IIS or OpenSSL. For IIS, select the name of the server in the Connection column, double-click on Server Certificates, and select Create Self Signed Certificate.

  • If you are using a self-signed certificate on the production version of your website, then the visitors’ web browser will show a certificate error. It will also deter any potential client from visiting your website.

This article covers:Topics: