Using OpenSSL

The Certificate Creation wizard guides you through the process of creating keys and certificates without using a command line. If you prefer the command line, you can use the OpenSSL command-line tool to generate and convert private keys and public certificates, including:

You can download the precompiled Windows binary and Windows Installer for OpenSSL from http://www.openssl.org/related/binaries.html. The OpenSSL distribution contains a number of utilities, including the main utility openssl.exe. By default, the utilities are installed in C:\Openssl\bin. openssl.exe and associated utilities are used at a Windows command prompt.

Some commands require specification of the OpenSSL configuration file openssl.cnf. By default, this file is installed in C:\Openssl\bin. Therefore, when required to specify the configuration filename, you would use the following path:

You can run the commands from any location by specifying the full path to the desired executable or by changing to the bin directory and using only the executable filenames.

For example:

>cd c:\temp

>c:\Openssl\bin\openssl

-OR-

>cd c:\Openssl\bin

>openssl.exe

Refer to the procedures below for using OpenSSL to generate or convert private keys and public certificates for use with EFT Server.

Use this procedure if you want to generate a public certificate and unencrypted key by hand instead of generating one from within EFT Server.

Use this procedure if you want to generate a public certificate and encrypted key by hand instead of generating one from within EFT Server.

Use this procedure if you want to generate a compatible PFX/P12 file (often confused with PFX) containing a public certificate and key.

Use this procedure when you already have a public certificate and PEM encoded PKCS#8 format encrypted private key file. You can determine the format by viewing the private key file in a text editor. If it contains the following line, then this procedure most likely applies:

-----BEGIN ENCRYPTED PRIVATE KEY-----

Use this procedure when you already have a public certificate and traditional PEM encoded encrypted private key file. You can determine the format by viewing the private key file in a text editor. If it contains the following line, then this procedure most likely applies:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED

Use this procedure when you want to convert an existing incompatible PKCS#12 format encrypted private key/public certificate file to a compatible PKCS#12 format file.
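
The header check described in the procedures above can be scripted, which also makes it easy to spot a key that is stored unencrypted. The following is an added example, not part of the original page or of EFT Server; the function name classify_key and the sample keys are assumptions constructed for illustration, and the labels other than the two shown above are the standard OpenSSL PEM labels.

```python
import re

# PEM label -> (format, encrypted?). None means the answer depends on the
# "Proc-Type" header that traditional-format keys carry inside the block.
LABELS = {
    "ENCRYPTED PRIVATE KEY": ("PKCS#8", True),
    "PRIVATE KEY": ("PKCS#8", False),
    "RSA PRIVATE KEY": ("traditional RSA", None),
    "EC PRIVATE KEY": ("traditional EC", None),
    "DSA PRIVATE KEY": ("traditional DSA", None),
}
BEGIN = re.compile(rb"^-----BEGIN ([A-Z0-9 ]+)-----$")


def classify_key(data: bytes):
    """Return (format, encrypted) for the first private key block in data."""
    lines = data.splitlines()  # handles both LF and Windows CRLF files
    for i, line in enumerate(lines):
        m = BEGIN.match(line.strip())
        if not m:
            continue
        label = m.group(1).decode("ascii")
        if label not in LABELS:
            continue  # e.g. a CERTIFICATE block stored in the same file
        fmt, encrypted = LABELS[label]
        if encrypted is None:
            # Traditional keys flag encryption on the line right after BEGIN.
            head = lines[i + 1 : i + 3]
            encrypted = any(h.strip().startswith(b"Proc-Type: 4,ENCRYPTED") for h in head)
        return fmt, encrypted
    if data[:1] == b"\x30":
        # Binary DER SEQUENCE: a DER key or a PKCS#12 bundle; inspect with openssl.
        return "binary DER (possibly PKCS#12)", None
    return "unknown", None


# Constructed samples: real headers, placeholder bodies (not usable keys).
PKCS8_ENC = b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n-----END ENCRYPTED PRIVATE KEY-----\n"
TRAD_ENC = b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"
TRAD_CLEAR = b"-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, blob in [("pkcs8", PKCS8_ENC), ("trad-enc", TRAD_ENC), ("trad-clear", TRAD_CLEAR)]:
        print(name, classify_key(blob))
```

A result with encrypted set to False means the private key is readable by anyone who can read the file, so file permissions are its only protection.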