You can create a self-signed certificate using OpenSSL.


Download the Win32 OpenSSL Light package for generating SSL certificates from to a folder of your choice; for example, C:\Utils\OpenSSL.


  1. To add Server Authentication to the EKU (Extended Key Usage), open openssl.cfg and add the extendedKeyUsage setting under the v3_ca section.
    [ v3_ca ]
    extendedKeyUsage = serverAuth
  2. Open a command prompt, go to C:\Utils\OpenSSL\bin, and set the default OpenSSL configuration variable.
    set OPENSSL_CONF=C:\Utils\OpenSSL-Win32\bin\openssl.cfg
  3. Generate a self-signed certificate with a new private key.
    openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout HOSTNAME.key -out HOSTNAME.cer -subj "/CN=HOSTNAME"
  4. Convert the certificate and the private key to a .pfx file.
    openssl pkcs12 -export -out HOSTNAME.pfx -inkey HOSTNAME.key -in HOSTNAME.cer -name "HOSTNAME" -passout pass:
  5. Deploy the generated SSL certificate (the HOSTNAME.pfx file in the bin folder) to the remote server and import it there.
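
A check worth running before step 5, as an added PowerShell example that is not part of the original instructions: it loads HOSTNAME.pfx and confirms that the private key, the CN from step 3 and the serverAuth EKU from step 1 actually made it into the file. The parameter names, the default path and the empty password (matching `-passout pass:` in step 4) are assumptions.

```powershell
# Added example: verify the PFX produced in step 4 before deploying it.
# Assumptions: run from the folder holding HOSTNAME.pfx; export password is empty.
param(
    [string]$PfxPath    = ".\HOSTNAME.pfx",   # file written by step 4
    [string]$ExpectedCN = "HOSTNAME"          # value passed to -subj in step 3
)

$serverAuthOid = "1.3.6.1.5.5.7.3.1"          # OID for Server Authentication
$x509 = "System.Security.Cryptography.X509Certificates"

# Resolve to a full path: .NET does not follow PowerShell's current location.
$full = (Resolve-Path -LiteralPath $PfxPath).Path
$cert = New-Object "$x509.X509Certificate2" ($full, "")

$problems = @()

# The PFX must carry the private key, or the server cannot use the certificate.
if (-not $cert.HasPrivateKey) {
    $problems += "PFX does not contain the private key"
}

# The subject CN should match the host name clients will connect to.
$cn = $cert.GetNameInfo(("$x509.X509NameType" -as [type])::SimpleName, $false)
if ($cn -ne $ExpectedCN) {
    $problems += "Subject CN is '$cn', expected '$ExpectedCN'"
}

# The EKU extension is only present if openssl.cfg from step 1 was really used
# (for example, OPENSSL_CONF pointed at the file that was edited).
$eku = $cert.Extensions |
    Where-Object { $_ -is ("$x509.X509EnhancedKeyUsageExtension" -as [type]) }
if (-not $eku) {
    $problems += "No Extended Key Usage extension found"
} else {
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    if ($oids -notcontains $serverAuthOid) {
        $problems += "EKU present but Server Authentication is missing"
    }
}

"Subject   : $($cert.Subject)"
"Expires   : $($cert.NotAfter)"
"Thumbprint: $($cert.Thumbprint)"

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
"OK: certificate is ready to import"
```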