How to Create an X509 Certificate


In the world of digital security, X509 is the accepted standard for Public Key Infrastructure certificates, which are used to validate the identity of servers. This validation is essential for the privacy and confidentiality that wise Internet users require before doing business on the Web. While you can purchase a certificate from one of the many commercial certificate authorities, you can also generate your own X509 certificate, which some believe to be at least as safe as a purchased certificate.


  • Open the Internet Information Services Manager tool, or "inetmgr." Click on “Start” and key “inetmgr” in the Search box. Press “Enter” to open the IIS Manager tool. Locate the level that you want to manage.

  • Double-click “Server Certificates” in the "Machine Features" view.

  • Click “Create Self-signed Certificate” in the "Actions" dialog.

  • Enter a friendly name for the X509 certificate in the “Specify a friendly name for the certificate” field. Click “OK.”

  • Open a browser. Enter "https://<servername>" in the URL address bar and press "Enter." A Security Alert dialog asking for permission to proceed should appear, indicating success.


  • Create a RSA private key with an OpenSSL command similar to the following:

    openssl genrsa –des3 –out myserver.key 1024

    A Triple-DES, 1024-bit encrypted key, in readable ASCII text format will be created for you.

  • Create the Certificate Signing Request with a command similar to the following:

    openssl req -new -key myserver.key -out myserver.csr

    Answer the prompts for information accurately, so that the certificate and SSL will be able to properly protect the server.

  • Create your self-signed X509 certificate with a command similar to the following:

    openssl x509 -req -days 200 -in myserver.csr -signkey myserver.key -out myserver.crt

    This certificate generated by this command is good for 200 days.

  • Install the private key and the X509 certificate with the following commands:

    cp myserver.crt /usr/local/apache/conf/ssl.crt
    cp myserver.key /usr/local/apache/conf/ssl.key

  • Configure your hosts with location information for your X509 certificate and keys, restart the server and test the certificate.

Related Searches


  • Photo Credit Thinkstock/Comstock/Getty Images
Promoted By Zergnet



You May Also Like

  • How to Create a DER Certificate

    Distinguished Encoding Rules (DER) are a way that security-focused applications can encode a file or object so that it can be signed...

Related Searches

Check It Out

Geek Vs Geek: Robot battles, hoverboard drag race, and more

Is DIY in your DNA? Become part of our maker community.
Submit Your Work!