This is just a quick post about how to use OpenSSL to create certificates that you can use with IIS or Microsoft Azure. Of course you could use makecert.exe, but I generally prefer OpenSSL, since I occasionally do Node.js and iOS development.
The information can be found elsewhere on the internet, but I always have to look around for it when I need it, so I decided to post the commands I recently used to generate certificates for an Azure point-to-site VPN.
To generate a self-signed certificate with OpenSSL use:
openssl req -x509 -days 365 -newkey rsa:<bits> -keyout cert.pem -out cert.pem
This command guides you through the process of generating an X.509 certificate with a private key, and saves it in the PEM format. Because -keyout and -out name the same file, cert.pem holds both the private key and the certificate. The PEM file cannot be used with Microsoft products, so we need to convert it to the PKCS#12/PFX format, which is what Microsoft uses. That can be done with:
openssl pkcs12 -export -in cert.pem -inkey cert.pem -out cert.pfx
To get the public certificate in cer format (which is actually called DER) we could import the pfx certificate into a certificate store on a Windows machine and export it from there, but it's easier just to ask OpenSSL to create the cer file for us:
openssl x509 -outform der -in cert.pem -out cert.cer
That is it. Now you have a certificate pair you can use with Microsoft software.
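The three steps above as one non-interactive script that also checks the result: the PEM, PFX and DER files must all carry the same certificate. This is an added example, not part of the original post; the names make_cert_pair, fp, KEY_PASS and PFX_PASS and the sample common name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical names: make_cert_pair,
# fp, KEY_PASS, PFX_PASS. Passphrases are read from the environment.
# Usage: KEY_PASS=... PFX_PASS=... make_cert_pair <dir> <common-name> <rsa-bits>

# SHA-256 fingerprint of the certificate on stdin ($1 = pem or der).
# -passin is harmless when unused; it avoids a prompt for the key block in cert.pem.
fp() { openssl x509 -inform "$1" -passin env:KEY_PASS -noout -fingerprint -sha256; }

# Runs in a subshell so umask, cd and exit do not affect the caller.
make_cert_pair() (
    umask 077                       # key material readable by the owner only
    cd "$1" || exit 1

    # Step 1: encrypted private key + self-signed certificate in one PEM file.
    openssl req -x509 -days 365 -newkey "rsa:$3" -subj "/CN=$2" \
        -passout env:KEY_PASS -keyout cert.pem -out cert.pem 2>/dev/null || exit 1

    # Step 2: PKCS#12/PFX bundle holding certificate and private key.
    openssl pkcs12 -export -in cert.pem -inkey cert.pem \
        -passin env:KEY_PASS -passout env:PFX_PASS -out cert.pfx || exit 1

    # Step 3: DER-encoded certificate only, no private key.
    openssl x509 -outform der -in cert.pem -passin env:KEY_PASS -out cert.cer || exit 1

    # All three files must carry the same certificate.
    pem_fp=$(fp pem < cert.pem) || exit 1
    der_fp=$(fp der < cert.cer) || exit 1
    pfx_fp=$(openssl pkcs12 -in cert.pfx -passin env:PFX_PASS -nokeys 2>/dev/null | fp pem) || exit 1
    [ -n "$pem_fp" ] && [ "$pem_fp" = "$der_fp" ] && [ "$pem_fp" = "$pfx_fp" ]
)
```

Only cert.cer is meant to be handed out or uploaded; cert.pem and cert.pfx contain the private key and stay protected by their passphrases and the owner-only file mode.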