Prev Next

Self-Signed SSL Certificates

Create a certificate

There are many ways to create SSL certificates; however, we have found the OpenSSL toolkit to be the easiest and most comprehensive. As the name suggests, OpenSSL is an open source toolkit for SSL/TLS; see the official website for details.

You will need to download and install the OpenSSL product that suits your environment.  For the purpose of this document OpenSSL was installed into C:\OpenSSL-Win64. If your OpenSSL is installed into a different directory then these steps will have to be adjusted to suit.

  • Create a new command/batch file in C:\OpenSSL-Win64\bin\
  • Open this file and paste these details into it

      set SRVNAME=localhost

      openssl genrsa -out %SRVNAME%.key 2048

      openssl req -new -x509 -key %SRVNAME%.key -out %SRVNAME%.cert -days 3650 -subj /CN=%SRVNAME%

      copy /b %SRVNAME%.cert+%SRVNAME%.key server.pem

  • Change the value 'localhost' in the first line to suit your server's name and save the file
  • Run the batch file
  • Move the generated 'server.pem' file to the Cloud Service's 'Service' folder (that is, C:\Program Files (x86)\Sparx Systems\Cloud Services\Service\)

In the statements, the 'openssl genrsa' command will use OpenSSL to generate a new SSL private key, and save it to 'localhost.key'.

The 'openssl req' command will generate a .X509 self-signed certificate using the key generated, specifying 'localhost' as the common name (CN), setting the expiry to be 10 years from the current date and saving the certificate as 'localhost.cert'.

The final command simply copies the contents of the certificate and key files into the new file 'server.pem'.