Create PKCS#12 file with self-signed certificate via OpenSSL in Windows for my Android App

Question

I am writing an Android App that requires SSL certification for certain web requests. I need to build a PKCS12 file (.pfx) with Self-Signed Certificate.

I d

Answer 1

The Win32 OpenSSL Installation Project is dedicated to providing a simple installation of OpenSSL. It is easy to set up and easy to use through the simple, effective installer. No need to compile anything or jump through any hoops, just click a few times and it is installed, leaving you to doing real work. You can get it here. In your case, you need Win64 OpenSSL v1.0.1e Installer.

These instructions show how to generate a PKCS#12 private key and public certificate file that is suitable for use with HTTPS, FTPS. These instructions assume you have downloaded and installed the Windows binary distribution of OpenSSL.

1.Generate an RSA private key:

>C:\Openssl\bin\openssl.exe genrsa -out

Where:

is the desired filename for the private key file

is the desired key length of either 1024, 2048, or 4096

For example, type:

>C:\Openssl\bin\openssl.exe genrsa -out my_key.key 2048.

2. Generate a Certificate Signing Request:

In version 0.9.8h and later:

>C:\Openssl\bin\openssl.exe req -new -key -out -config C:\Openssl\bin\openssl.cfg

Where:

is the input filename of the previously generated private key

is the output filename of the certificate signing request

For example, type:

>C:\Openssl\bin\openssl.exe req -new -key my_key.key -out my_request.csr -config C:\Openssl\bin\openssl.cnf

3. Follow the on-screen prompts for the required certificate request information.

4. Generate a self-signed public certificate based on the request:

>C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in -signkey -out

Where:

is the input filename of the certificate signing request

is the input filename of the previously generated private key

is the output filename of the public certificate

For example, type:

>C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in my_request.csr -signkey my_key.key -out my_cert.crt

5. Generate a PKCS#12 file:

>C:\Openssl\bin\openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in -inkey -out -name ""

Where:

is the input filename of the public certificate, in PEM format

is the input filename of the private key

is the output filename of the pkcs#12 format file

is the desired name that will sometimes be displayed in user interfaces.

For example, type:

>C:\Openssl\bin\openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in my_cert.crt -inkey my_key.key -out my_pkcs12.pfx -name "my-name"

6. (Optional) Delete unneeded files.

At this point, you only need the PKCS#12 format file, so you can delete the certificate signing request (.csr) file, the private key (.key) file, and the public certificate (.crt) file.

The resulting PKCS#12 format file may now be used within Secure FTP Server - FIPS.

The resulting PKCS#12 format (.pfx) file may now be used with the Firefox browser ver 34.0.5.