Creating Self Signing Certificates for IdentityServer

Introduction

Recently I was deploying IdentityServer4 to AWS and I needed self signing certificates for that purpose.

I went online to find the settings for this configuration, and there were a lot of articles describing it in various ways, sometimes with a lot of extra information, which was rather confusing. Here I describe a very simple way to get this done on Windows.

OpenSSL and Git Bash

I am using Windows, and Windows does not have the OpenSSL utility by default. But I also have Git installed on my machine, and with Git you get the Git Bash utility, which you can use to run the openssl command to generate the certificates. So open a Git Bash prompt by Shift+RightClick in an empty area of a folder.

Next, execute the following command in the shell:

openssl req -newkey rsa:2048 -nodes -keyout fm.key -x509 -days 365 -out fm.cer

This will ask for some information, e.g. Country Name and the like; I just accepted the default values.

It will generate two files in the folder:

  • fm.key
  • fm.cer

Create pfx file

Next, we want to bundle these two files, the certificate and its private key, into a single file. We do that by creating a pfx file. We can use OpenSSL again to create it by executing the following command:

openssl pkcs12 -export -in fm.cer -inkey fm.key -out fm.pfx

Notice that this command uses the two files created earlier.

Once you execute the command, you will notice that it just hangs there and nothing happens.

If this happens to you, then just close the Git Bash window and reopen it. Then execute the following command first:

winpty bash

and then execute the pfx command again:

openssl pkcs12 -export -in fm.cer -inkey fm.key -out fm.pfx

This time it will go forward and ask you for a password to protect the pfx file.

And that's it; you can see that a new pfx file has been created in the folder as well.

Now, you can take this file and use it in your IdentityServer configuration as follows:

In my case I copied the certificate to the .NET Core project solution, but you can store it in the certificate store and read it from there, or handle it any other way as per your requirements.
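
The two openssl steps above can also be run without any prompts, so nothing waits on the terminal for the certificate details or the pfx password. The script below is an added example, not part of the original post; the function names and the PFX_PASSWORD environment variable are assumptions made for it, and it also checks that the resulting pfx really holds the certificate and a matching key.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl is on PATH and
# the pfx password is supplied in the PFX_PASSWORD environment variable.

# make_signing_pfx NAME [DAYS]: writes NAME.key, NAME.cer and NAME.pfx
make_signing_pfx() {
    [ -n "${PFX_PASSWORD:-}" ] || { echo "set PFX_PASSWORD first" >&2; return 1; }
    export PFX_PASSWORD
    # -subj answers the Country Name etc. questions up front.
    # MSYS_NO_PATHCONV=1 stops Git Bash rewriting "/CN=..." as a Windows path.
    MSYS_NO_PATHCONV=1 openssl req -newkey rsa:2048 -nodes -keyout "$1.key" \
        -x509 -days "${2:-365}" -subj "/CN=$1" -out "$1.cer" || return 1
    # env:PFX_PASSWORD keeps the password off the command line and avoids the prompt.
    openssl pkcs12 -export -in "$1.cer" -inkey "$1.key" \
        -out "$1.pfx" -passout env:PFX_PASSWORD || return 1
    chmod 600 "$1.key" "$1.pfx"   # both files contain the private key
}

# verify_signing_pfx NAME: succeeds only if the pfx holds the same certificate
# as NAME.cer, NAME.key matches that certificate, and a wrong password fails.
verify_signing_pfx() {
    export PFX_PASSWORD
    cer_fp=$(openssl x509 -in "$1.cer" -noout -fingerprint -sha256) || return 1
    pfx_fp=$(openssl pkcs12 -in "$1.pfx" -passin env:PFX_PASSWORD -nokeys 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256) || return 1
    [ "$cer_fp" = "$pfx_fp" ] || return 1
    cer_pub=$(openssl x509 -in "$1.cer" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1.key" -pubout) || return 1
    [ "$cer_pub" = "$key_pub" ] || return 1
    ! PFX_PASSWORD=wrong-on-purpose openssl pkcs12 -in "$1.pfx" \
        -passin env:PFX_PASSWORD -noout 2>/dev/null
}

# Usage: PFX_PASSWORD=... sh make-pfx.sh fm 365
if [ "$#" -gt 0 ]; then
    make_signing_pfx "$@" && verify_signing_pfx "$1"
fi
```

Both the .key and the .pfx file contain the signing private key, so keep them and PFX_PASSWORD out of source control.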

Summary

Creating self signing certificates is easy if you have Git Bash installed on Windows. Let me know if you have some questions or comments. Till Next Time, Happy Coding.