I regularly need some self-signed certificates for development or testing purposes. On a MacOS or Linux machines creating one is dead-simple thanks to OpenSSL:
openssl req -newkey rsa:2048 -keyout privkey.pem -x509 -days 365 -out fullchain.pem
Problem is when you are working on Windows where the above command won't work. As a work-around you can install Cygwin or OpenSSL for Windows, but if you already have Docker installed there is a much neater way: Use a lightweight linux container with OpenSSL to create your certificate. That way you don't have to install anything and can use same the commands on all platforms.
1. create the OpenSSL image
First we need an image for a container that has OpenSSL installed. To achieve that we can create the following
# we use the tiny alpine linux as base FROM alpine:3.8 # install openssl RUN apk update && \ apk add --no-cache openssl && \ rm -rf "/var/cache/apk/*" # create and set mount volume WORKDIR /openssl-certs VOLUME /openssl-certs ENTRYPOINT ["openssl"]
Open a terminal, navigate to the folder containing the above
Dockerfile and build the image:
docker build -t my-openssl:latest .
Nice! Next up we will use the image to create a container that will generate certificates with OpenSSL for us.
2. using the image
Ok, now we can start our "certificate generator" container (make sure to replace "C:/some/path" with the path where you want your certificate):
docker run -it --rm -v "C:/some/path:/openssl-certs" my-openssl
--rmthe container will be automatically removed after we generated our certificate.
We should see OpenSSL running, greeting us with
OpenSSL> and patiently awaiting our instructions. Now we can basicly type the same OpenSSL command as above (we only omit
openssl at the beginning, because OpenSSL is already started):
req -newkey rsa:2048 -keyout privkey.pem -x509 -days 365 -out fullchain.pem
Follow the on-screen instructions to generate your certificate. After you reach
OpenSSL> again, type
exit and tada: your certificate should now be located under "C:\some\path" ready to be used!
Admittedly, this seems like a lot of work at first. But you will only have to build your image once. After that you can use it to create as many certificates as you want almost exactly like you would on MacOS or Linux. If you have Docker installed and are familiar with it, I think this is a fast and neat way to create self-signed certificates on a Windows machine.