A Windows Certificate Authority based on OpenSSL that uses only files. Suited for putting on a USB stick.
- Extract to the top level of a USB stick. You might want to replace the OpenSSL-Win32 directory with one from a more trustworthy source.
- Edit the top of ca.cmd to suit your needs. You need to update the variables CAKEY, CAREQ and CACERT. You may also want to edit the variables DAYS and CADAYS.
- Edit openssl.cnf to suit your needs (especially the names and locations).
- Start openssl-shell.cmd (ignore the possible error about a missing directory)
- Create a new CA by running the command:
After you answer the prompts, you have a usable certificate authority and can start signing certificate requests. The public certificate of your CA is in %CATOP%%CACERT% (in my case \CA\dfca2.pem). You need to install that certificate everywhere you want to use your signed certificates.
Signing certificates:
- Put the CSR file into the \CA\csr directory
- Run openssl-shell.cmd
- Sign the certificate by running this command:
You can find the signed certificate in \CA\certs.
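
A check to run around the signing step, added here as an example and not part of the toolkit: it confirms the CSR is self-consistent, that the issued certificate chains to the CA certificate, and that the certificate carries the same public key as the CSR. The script name check-cert.cmd and the CSR and certificate file names are hypothetical; it assumes it is run from the prompt opened by openssl-shell.cmd with openssl on the PATH.

```batch
@echo off
rem Added example, not part of the toolkit. Hypothetical name: check-cert.cmd
rem Usage: check-cert.cmd \CA\csr\request.csr \CA\certs\issued.pem
rem (both file names are placeholders)
setlocal
set "CSR=%~1"
set "CERT=%~2"
rem CA certificate path as quoted on the page; change it to match your CACERT.
set "CACERT=\CA\dfca2.pem"
set "TMP1=%TEMP%\chk-csr.pub"
set "TMP2=%TEMP%\chk-crt.pub"
set "OUT=%TEMP%\chk-verify.txt"

if "%CERT%"=="" (
  echo usage: %~n0 csr-file cert-file
  exit /b 2
)

rem 1. CSR self-signature: proves the requester holds the private key.
rem    Match on the output text rather than the exit code, which older
rem    OpenSSL builds do not set reliably.
openssl req -in "%CSR%" -noout -verify 2>&1 | findstr /c:"verify OK" >nul || goto fail

rem 2. Show the requested subject so a human can compare it with the request.
openssl req -in "%CSR%" -noout -subject

rem 3. The issued certificate must chain to this CA.
openssl verify -CAfile "%CACERT%" "%CERT%" > "%OUT%" 2>&1
findstr /i "error" "%OUT%" >nul && goto fail
findstr /c:": OK" "%OUT%" >nul || goto fail

rem 4. The certificate must carry the same public key as the CSR.
openssl req  -in "%CSR%"  -noout -pubkey > "%TMP1%" || goto fail
openssl x509 -in "%CERT%" -noout -pubkey > "%TMP2%" || goto fail
fc "%TMP1%" "%TMP2%" >nul || goto fail

rem 5. Print what was issued, with a SHA-256 fingerprint for the records.
openssl x509 -in "%CERT%" -noout -subject -issuer -dates -fingerprint -sha256
echo RESULT: OK
exit /b 0

:fail
echo RESULT: CHECK FAILED - do not hand out "%CERT%"
exit /b 1
```

Steps 1 and 2 are also useful on their own before signing, since the subject printed in step 2 is what the CA is about to vouch for.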