May 03

When working with PKI-based security solutions, one typically requires one or more X.509 Certificates and the related private keys. X.509 Certificates are typically purchased from well-known Certification Authorities, such as Verisign, for a fair amount of money and are valid for 1 or 2 years. It is perhaps not widely known that one can create a perfectly functional X.509 Certificate oneself, free of charge and valid for an arbitrary amount of time, and use it in PKI-based solutions. While tools are available both to generate key pairs and to create X.509 Certificates, the how of it is somewhat obscure. This document discusses the use of the OpenSSL software to create private PKI objects such as Key Pairs, X.509 Certificates and PKCS#12 Keystores. It also discusses the use of Windows-based scripts, developed by the author, that make the process painless and quick.

This document discusses the use of cryptographic software and the manipulation of cryptographic objects. Using or discussing cryptography software is illegal in some parts of the world. It is your responsibility to ensure that you comply with any import/export and use laws that apply to you.


The document references the artifact archive, “PKI_Scripts_Windows”.
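As an added illustration (this is not the author's code from the PKI_Scripts_Windows archive, which is not reproduced on this page), the POSIX shell function below runs one OpenSSL sequence that yields the objects named above: a private root CA key pair and self-signed certificate, an end-entity key pair and certificate signed by that CA, and a PKCS#12 keystore. The function name, subject names, lifetimes, file names and the `P12_PASS` variable are assumptions; the `openssl` sub-commands and options are the same on Windows.

```shell
#!/bin/sh
# Added example: private root CA -> signed end-entity cert -> PKCS#12 keystore.
# All names, lifetimes and the password handling are constructed placeholders.
make_private_pki() (
  dir=$1; pass=$2
  umask 077                       # private keys readable by the owner only
  cd "$dir" || exit 1

  # Explicit config so the result does not depend on the system openssl.cnf.
  cat > pki.cnf <<'EOF' || exit 1
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:app.example.internal
EOF

  # 1. Root CA: new key pair plus a self-signed certificate, valid 10 years.
  #    -nodes leaves the key unencrypted so the function runs unattended;
  #    encrypt a real CA key and keep it offline.
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config pki.cnf -keyout ca.key -out ca.crt || exit 1

  # 2. End entity: new key pair and a certificate signing request.
  openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
    -subj "/CN=app.example.internal" -keyout leaf.key -out leaf.csr || exit 1

  # 3. Sign the request with the CA; v3_leaf marks it as a non-CA server cert.
  openssl x509 -req -in leaf.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -sha256 -days 365 -extfile pki.cnf -extensions v3_leaf -out leaf.crt || exit 1

  # 4. Confirm the chain validates before packaging anything.
  openssl verify -CAfile ca.crt leaf.crt || exit 1

  # 5. PKCS#12 keystore: leaf key + leaf cert + CA cert. The password is passed
  #    through the environment so it does not appear in the process list.
  P12_PASS=$pass openssl pkcs12 -export -inkey leaf.key -in leaf.crt \
    -certfile ca.crt -name app -out leaf.p12 -passout env:P12_PASS
)
```

Clients trust certificates issued this way only after `ca.crt` has been added to their trust store; `ca.key` never needs to leave the machine that signs.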

2 Responses to “Producing Free, Private X.509 Certificates for use with PKI-based Solutions”

  1. Christian Brennsteiner says:


    What should I say. Another very helpful paper. You seem to smell what I need in the next few weeks 😉

    regards chris

  2. Eric Lerognon says:

    You can also use the GUI tool
