Create PKCS#12 file with self-signed certificate via OpenSSL in Windows for my Android App

Question

I am writing an Android App that requires SSL certification for certain web requests. I need to build a PKCS12 file (.pfx) with Self-Signed Certificate.

I d

Answer 1

The Win32 OpenSSL Installation Project is dedicated to providing a simple installation of OpenSSL. It is easy to set up and easy to use through the simple, effective installer. No need to compile anything or jump through any hoops, just click a few times and it is installed, leaving you to doing real work. You can get it here. In your case, you need Win64 OpenSSL v1.0.1e Installer.

These instructions show how to generate a PKCS#12 private key and public certificate file that is suitable for use with HTTPS, FTPS. These instructions assume you have downloaded and installed the Windows binary distribution of OpenSSL.

1.Generate an RSA private key:

>C:\Openssl\bin\openssl.exe genrsa -out <Key Filename> <Key Size>

Where:

<Key Filename> is the desired filename for the private key file

<Key Size> is the desired key length of either 1024, 2048, or 4096

For example, type:

>C:\Openssl\bin\openssl.exe genrsa -out my_key.key 2048.

2. Generate a Certificate Signing Request:

In version 0.9.8h and later:

>C:\Openssl\bin\openssl.exe req -new -key <Key Filename> -out <Request Filename> -config C:\Openssl\bin\openssl.cfg

Where:

<Key Filename> is the input filename of the previously generated private key

<Request Filename> is the output filename of the certificate signing request

For example, type:

>C:\Openssl\bin\openssl.exe req -new -key my_key.key -out my_request.csr -config C:\Openssl\bin\openssl.cnf

3. Follow the on-screen prompts for the required certificate request information.

4. Generate a self-signed public certificate based on the request:

>C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in <Request Filename> -signkey <Key Filename> -out <Certificate Filename>

Where:

<Request Filename> is the input filename of the certificate signing request

<Key Filename> is the input filename of the previously generated private key

<Certificate Filename> is the output filename of the public certificate

For example, type:

>C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in my_request.csr -signkey my_key.key -out my_cert.crt

5. Generate a PKCS#12 file:

>C:\Openssl\bin\openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in <Public Certificate Filename> -inkey <Private Key Filename> -out <PKCS#12 Filename> -name "<Display Name>"

Where:

<Public Certificate Filename> is the input filename of the public certificate, in PEM format

<Private Key Filename> is the input filename of the private key

<PKCS#12 Filename> is the output filename of the pkcs#12 format file

<Display Name> is the desired name that will sometimes be displayed in user interfaces.

For example, type:

>C:\Openssl\bin\openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in my_cert.crt -inkey my_key.key -out my_pkcs12.pfx -name "my-name"

6. (Optional) Delete unneeded files.

At this point, you only need the PKCS#12 format file, so you can delete the certificate signing request (.csr) file, the private key (.key) file, and the public certificate (.crt) file.

The resulting PKCS#12 format file may now be used within Secure FTP Server - FIPS.

The resulting PKCS#12 format (.pfx) file may now be used with the Firefox browser ver 34.0.5.

Answer 2

I used the info at https://geekflare.com/openssl-commands-certificates/ and was successful in just 2 steps:

1. openssl req -x509 -sha256 -nodes -days 3650 -newkey rsa:4096 -keyout mykey.key -out mypem.pem

2. openssl pkcs12 -export -out myp12.p12 -inkey mykey.key -in mypem.pem

Answer 3

If you look at this site "http://www.sslshopper.com/article-most-common-openssl-commands.html" it has most of the common commands you would be looking for. I had to do this recently for amazon associates program and found their site helpful as well (http://docs.aws.amazon.com/IAM/latest/UserGuide/InstallCert.html#SampleCert).By the way, you will need to install openssl to run this (see: http://slproweb.com/products/Win32OpenSSL.html).