You need to have OpenSSL version 1.1.1 (for Windows) installed. The OpenSSL application enables you to create signed certificates.
Generate the .key
file and certificate for CA. Run the following code in the Command Prompt. You can substitute the protect-custom-ca.key
and protect-custom-ca.der
filename with your custom name.
openssl genrsa -out protect-custom-ca.key 2048
openssl req -x509 -new -nodes -key protect-custom-ca.key -sha256 -days 3650 -out protect-custom-ca.der -outform der -subj "/CN=PROTECT Custom CA"
echo authorityKeyIdentifier=keyid,issuer >protect.ext
echo basicConstraints=CA:FALSE >>protect.ext
echo keyUsage=digitalSignature,keyEncipherment,dataEncipherment >>protect.ext
echo subjectAltName=DNS:* >>protect.ext
.pfx
file. Replace the password
with a proper password.openssl genrsa -out protect-server.key 2048
openssl req -new -key protect-server.key -subj "/CN=PROTECT Server" | openssl x509 -req -CA protect-custom-ca.der -CAkey protect-custom-ca.key -CAform DER -out protect-server.crt -days 1825 -sha256 -extfile protect.ext
openssl pkcs12 -export -out protect-server.pfx -inkey protect-server.key -in protect-server.crt -passout pass:password
.pfx
file. Replace the password
with a proper password.openssl genrsa -out protect-agent.key 2048
openssl req -new -key protect-agent.key -subj "/CN=PROTECT Agent" | openssl x509 -req -CA protect-custom-ca.der -CAkey protect-custom-ca.key -CAform DER -out protect-agent.crt -days 1825 -sha256 -extfile protect.ext
openssl pkcs12 -export -out protect-agent.pfx -inkey protect-agent.key -in protect-agent.crt -passout pass:password