You need to have OpenSSL version 1.1.1g (for Windows) installed. The OpenSSL application allows you to create signed certificates.
Generate the .key
file and cert for CA. Run the following code in the Command Prompt. You can substitute the esmc-custom-ca.key
and esmc-custom-ca.der
filename with your custom name.
openssl genrsa -out emsc-custom-ca.key 2048
openssl req -x509 -new -nodes -key emsc-custom-ca.key -sha256 -days 3650 -out emsc-custom-ca.der -outform der -subj "/CN=ESMC Custom CA"
echo authorityKeyIdentifier=keyid,issuer >esmc.ext
echo basicConstraints=CA:FALSE >>esmc.ext
echo keyUsage=digitalSignature,keyEncipherment,dataEncipherment >>esmc.ext
echo subjectAltName=DNS:* >>esmc.ext
.pfx
file. Replace the password
with a proper password.openssl genrsa -out esmc-server.key 2048
openssl req -new -key esmc-server.key -subj "/CN=ESMC Server" | openssl x509 -req -CA emsc-custom-ca.der -CAkey emsc-custom-ca.key -CAform DER -out esmc-server.crt -days 1825 -sha256 -extfile esmc.ext
openssl pkcs12 -export -out esmc-server.pfx -inkey esmc-server.key -in esmc-server.crt -passout pass:password
.pfx
file. Replace the password
with a proper password.openssl genrsa -out esmc-agent.key 2048
openssl req -new -key esmc-agent.key -subj "/CN=ESMC Agent" | openssl x509 -req -CA emsc-custom-ca.der -CAkey emsc-custom-ca.key -CAform DER -out esmc-agent.crt -days 1825 -sha256 -extfile esmc.ext
openssl pkcs12 -export -out esmc-agent.pfx -inkey esmc-agent.key -in esmc-agent.crt -passout pass:password