Provide instructions for creating certificate on Windows

[me21]

Certificates can be created on Windows with OpenSSL like this:

First, generate CA certificate:

C:\OpenSSL-Win32\bin\openssl req -x509 -new -key rootCA.key -days 10000 -out rootCA.crt

Then create cmd script with the following content:

C:\OpenSSL-Win32\bin\openssl req -newkey rsa:2048 -out %1.csr -keyout %1.key -nodes -subj "/C=US/ST=GE/L=location/O=organisation/CN=%1"
if "%~2"=="" (
  set SAN=DNS:%1
) else (
  set SAN=DNS:%2
)
C:\OpenSSL-Win32\bin\openssl x509 -req -in %1.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out %1.crt -days 5000 -extfile extfile.cnf
C:\OpenSSL-Win32\bin\openssl x509 -in %1.crt -out %1.crt.der -outform der
C:\OpenSSL-Win32\bin\openssl rsa -in %1.key -out %1.key.der -outform der

Save this snippet to create_new_cert.cmd file and run it as create_new_cert elabel.local. It will create new certificate named elabel.local.crt and corresponding key too. It will use DNS:elabel.local also for subjectAltName field of the certificate.
If run with two arguments (create_new_cert filename dnsname), it will create certificate with the corresponding filename and put DNS:dnsname into subjectAltName field of the certificate.

You may further tailor the script as you need.

[fhessel]

Thanks for providing the code!

Did you also found a way to convert the cert and key files to C headers, so that one could create a complete Windows version of create_cert.sh that generates the same outputs? I don't have a Windows machine at hand, so I can't check that by myself.

[me21]

There are many results when googling for "bin2c", here's one link: https://www.segger.com/free-utilities/bin2c/

[flywire]

First, generate CA certificate:

After Create Root Key