How to install openssl on windows

Installing OpenSSL on Windows 10 and updating PATH

Install OpenSSL

This step is a simple one. Simply choose the version that applies to your PC from here. As example, I chose the Win64 OpenSSL v1.1.1g MSI (not the light version) from the table:

Run the EXE or MSI with default settings till completion and that should take care of installing OpenSSL!

Add OpenSSL to your PATH

Why do we want to do this? First off, it’s not a necessity, it just makes it more convenient to use OpenSSL from the command line in the directory of your choice. After the initial install, the openssl.exe is only available from the directory where it resides, namely:

You could open a command prompt from here and perform the operations you want, but as I am using this to create a Certificate Signing Request (CSR) for a specific purpose, I like to create that from the directory where I’d like to keep that CSR. To do that, lets add it to our PATH, which we can find in the Environment Variables. Here we go:

Important note: if you already had a command prompt open, you will need to close and reopen in order for this to work. Michael Galloway thank you for this remark!

And that’s it! You should now be able to use OpenSSL from the directory you desire.

How to Installing OpenSSL on Windows 10, 11

What is OpenSSL?

OpenSSL is a single-system image clustering system that is open-source. It allows a group of computers to be viewed as a single colossal system, giving programs running on any one machine access to all of the cluster’s resources. [It is the culmination of a long development process that began with the development of LOCUS in the early 1980s.

OpenSSL allows a group of separate computers (nodes) to be regarded as one massive system. Processes running on any node have full access to all node resources.

Functionalities can be automatically transferred from node to node to balance system utilization. Alternatively, the cluster might be set up so that each node has direct access to the file system.

Step 1 Download OpenSSL Binaries

In our article, we are downloading

Step 2 Unpack OpenSSL Zip files

Unpack the content of (openssl-1.0.2j-fips-x86_64.zip) zip file into your desired location in our example we are using (D:\OpenSSL) folder
This comes with three folders (bin, include & lib) as shown in the image

Step 3: Set OpenSSL Path in Windows path

We have extracted OpenSSL files in directory D:\OpenSSL\bin
So our OpenSSL path is D:\OpenSSL\bin

Open explorer and right-mouse click on This PC icon as shown in the image

Under System About window click on the Advanced system settings button

Under the System Property window click on the Environment Variables button

Under the Advanced Environment window select Path and then click on the Edit button

Under the Environment Variable window click on the New button

Paste the path of OpenSSL (D:\OpenSSL\bin) and click the OK button

Step 4: Set System Variable for OPENSSL_CONF

Now to set system variable for OPENSSL_CONF

Click on the New button under the System Variable window

Now add system variable values as given, the path to your openssl.conf file location as shown below, and click on the OK button

Name: OPENSSL_CONF
Value: D:\OpenSSL\bin\openssl.cnf

Now you can see that the system variable is set

For window 10 and 11 you don’t have to restart your system to effect changes, else you need to restart the system

Step5: Test OpenSSL

To test OpenSSL installed properly open the terminal and check the OpenSSL version

If it displays the OpenSSL version then OpenSSL is installed properly.

Important Commands for Open SSL

Creating a Private Key

Private Key is very important it is required for all operations in SSL, this Private key is required to create a CSR file.

It will ask for the password, please keep the password in a safe place because it is required in many places.

1. Create CSR Creating a Certificate Signing Request

CSR file is required to generate an SSL certificate.
This CSR file contains information about the certificate and private key

Information required by CSR:

Enter pass phrase for mydomain-com.key:
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Haryana
Locality Name (eg, city) []:Gurgaon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:myDomain
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:www.mydomain.com
Email Address []:contact@mydomain.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Important: Common Name is the Fully Qualified Domain Name for which you want an SSL certificate.
This CSR file is used by different SSL certificate companies to generate SSL Certificate

Generate Private key and CSR with Single command.

Creating a Self-Signed Certificate

A self-Signed Certificate is an SSL certificate is generated by using your own private key, it is not used for commercial purposes because it shows a warning that says the certificate is not trusted.

So self-signed certificate can be used for development and testing purposes.

Convert CRT file to PFX file

The .pfx file is required to install an SSL certificate in the windows system, this file contains Private Key and SSL certificate.

The Remarkable OpenSSL on Windows 10 (PowerShell)

Read more tutorials by Bill Kindle!

Table of Contents

Generating SSL certificates can be a daunting task, one filled with frustration and sorrow. But it doesn’t have to be that way! If you have Windows 10 and OpenSSL along with a little help from this tutorial, you will be well on your way.

In this article, you’re going to learn how to install OpenSSL on Windows 10. Once installed, you’ll then generate SSL certificates, troubleshoot and debug certificates, and convert between formats.

Let’s begin mastering OpenSSL on Windows 10 with PowerShell!

Table of Contents

Prerequisites

In this article, you are going to learn using a hands-on approach. While OpenSSL historically is a Linux OS utility, you can use it with Windows OS as well.

All screenshots in this guide were taken from Windows 10 build 1909 and PowerShell 7.

Installing OpenSSL on Windows 10 with PowerShell and Chocolatey

Assuming you have installed Chocolatey using the installation instructions, your first task is to install OpenSSL on Windows 10. To do this, open up your PowerShell console and run choco install OpenSSL.Light as shown below.

That’s it! You’ve now installed OpenSSL with PowerShell.

Set up a Working Directory

This tutorial will be creating a few certificates to learn from. To ensure all of the work you do here is confined to a single folder you can clean up later, go ahead and create one.

This tutorial will store all certificates and related files in the C:\certs folder. You can create a folder with PowerShell by running the below command.

Now it’s time to configure OpenSSL.

Configuring OpenSSL

By default, OpenSSL on Windows 10 does not come with a configuration file. This is intentional because there are a lot of configuration options that you can customize. For the purposes of this guide, you are going to use a sample configuration that you can customize later to best suit your security requirements.

Open up PowerShell and run the below command. This command downloads a sample configuration file from MIT and saves it as openssl.cnf in the current working directory.

You can now open up the openssl.cnf file and you should see something that looks like below.

The downloaded configuration will work as-is for now. Do not use the defaults in a production environment!

Update PowerShell Profile Environment Variables

To make things go smoothly, you should modify your PowerShell profile on Windows 10. Setting up some environment variables allows you to easily switch between different versions of OpenSSL that you may have installed.

Now you can easily invoke the openssl binary wherever you are in PowerShell as shown below.

Using OpenSSL on Windows 10 to Generate a CSR & Private Key

Before you can create an SSL certificate, you must generate a certifiate-signing request (CSR). A CSR is an encoded file that provides you with a way to share your public key with a certificate authority (CA). This file contains identifying information, a signature algorithm, and a digital signature. Let’s create your first CSR and private key.

To create a CSR, run the below command. OpenSSL will then prompt you to enter some identifying information as you can see in the following demonstration.

Once complete, you will have a valid CSR and private key which can be used to issue an SSL certificate to you.

The configuration file defaults can be edited further to streamline this process should you not want to enter data every time you generate a CSR.

You can read more about the available CSR options and view sample configurations in the man pages. OpenSSL also has an active GitHub repository with examples too.

Generating RSA Key Pairs

You can also create RSA key pairs (public/private) with OpenSSL. To do so, first, create a private key using the genrsa sub-command as shown below.

When you run the command below, OpenSSL on Windows 10 will generate a RSA private key with a key length of 2048 bits. This key is generated almost immediately on modern hardware. The resulting key is output in the working directory

Next, generate a public key using the private key that you just created using the rsa sub-command. The syntax below will create a public key called rsa.public in the working directory from the rsa.private private key.

Generating a Self-Signed Certificate

On occasion you may need to generate a self-signed certificate. Self-signed certificates are fine to use for lab use but not a secure practice to use in a production environment.

Let’s create a self-signed certificate before moving onto the next task. To do so, enter the command below to create an X509 SSL certificate. This certificate will use SHA256 cryptography that will be valid for 365 days using an RSA key length of 2048 bits. The certificate will be saved to the working directory.

You are now ready to import the certificate into a browser or server.

Validating CSRs, Certificates, and Keys with OpenSSL

Checking the information in a CSR, private key, certificate, or PKCS#12 can save you time troubleshooting SSL errors. Sometimes a wrong key may have been used to create a certificate, for example. You may have the wrong identifying information in the certificate.

Let’s start by checking a CSR using the req command and some parameters:

Details such as country name, organizational name, and the email address you entered when creating the CSR at the beginning of this guide, should match precisely.

You can also check a certificate using the x509 sub-command with a couple of parameters:

Converting Certificates with OpenSSL

To demonstrate converting a certificate, let’s convert the self-signed certificate created earlier in a DER format (certificate.crt) to PEM. Use the code in the following code snippet to do so.

You can also reverse the order if you’d like to the DER format from PEM too as shown below.

And last but not least, you can convert PKCS#12 to PEM and PEM to PKCS#12. This is a file type that contain private keys and certificates. To convert to PEM format, use the pkcs12 sub-command.

Troubleshooting & Debugging

Now that you can create & convert CSR’s, certificates, and key pairs, it’s time to learn how to troubleshoot and debug them. OpenSSL comes with commands that make it a breeze to troubleshoot problems.

OpenSSL also allows you to check certificates for file integrity and test for possible data corruption. Using an MD5 checksum, you can use the following code examples to test certificates, keys and CSR’s:

Once you have the original hash, you can then compare that original hash with a current hash to verify the certificate hasn’t been modified or corrupted.

Here’s a sample of what that code looks like when run in PowerShell:

Summary

In this article, you have learned how to install and configure OpenSSL on Windows 10, create a CSR, key pair, and SSL certificate. You have also learned how to convert between different certificate formats and do some basic troubleshooting using built-in sub-commands.

Additional Resources

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

More from ATA Learning & Partners

Recommended Resources!

Recommended Resources for Training, Information Security, Automation, and more!

Get Paid to Write!

ATA Learning is always seeking instructors of all experience levels. Regardless if you’re a junior admin or system architect, you have something to share. Why not write on a platform with an existing audience and share your knowledge with the world?

ATA Learning Guidebooks

ATA Learning is known for its high-quality written tutorials in the form of blog posts. Support ATA Learning with ATA Guidebook PDF eBooks available offline and with no ads!

How to install the most recent version of OpenSSL on Windows 10 in 64 Bit

In the age of cyber warfare, being paranoid is the only reasonable attitude and that means, among other things, being paranoid about software updates.

Take for example OpenSSL. This open source cryptography library that implements the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols is designed to “secure communications over computer networks against eavesdropping”, but guess what: it has been riddled with bugs since its inception. This may be unavoidable, to a certain degree — after all, we are speaking about software. Even so, the inherent flaws of OpenSSL should not be an excuse for not keeping the version you use as bullet-proof as possible. Let’s not forget that your car is most likely hackable by a 15 year old and yet you still (presumably) lock the doors.

While you can’t do much about the yet-to-be-identified bugs, you can at least protect your systems from those bugs that have been already patched up and widely documented.

Too bad the official OpenSSL website offers Linux sources only.

While Linux distributions routinely come loaded with OpenSSL, this is not the case for Windows… or shall we say “Windows distributions”. (Didn’t Microsoft want to “Linuxify” its flaggship OS? Never mind.) If you want to run it, you need a Windows binary, and unless you are willing to compile it yourself, you have to to rely on someone else.

Here is how you can set up OpenSSL on Windows without having to deal with the code.

Step 1. Get hold of the binaries

Finding Windows binaries of OpenSSL is not an easy task, but don’t get discouraged. They do exist. To download them, navigate to:

Don’t be fooled by the Win32 string in the URL nor by the navigation pointing you to a seemingly ancient download page from way back in 2004 (from the “Products” tab through the “Win32 OpenSSL link”). Scroll down the page to the section “Download Win32 OpenSSL”, ignoring the confusing string. Now you need to pick the right binary from the list. For each version, there are two basic types: the full installer and the light installer.

Download the one named “Win64 OpenSSL v1.1.0f” (or a higher-numbered version once it becomes available) to get the full installer.

The current version as of this writing (OpenSSL 1.1.0h) is very different from previous releases. It is not the same thing at all so pay attention to the release numbers! The worst thing you can do is use an old version that has documented bugs that anyone could exploit following a howto!

Step 2. Run the installer

We recommend installing OpenSSL outside of your Windows system directory.

Step 3. Start the OpenSSL binary

To invoke OpenSSL, you can simply right-click on it in the Windows Explorer at its install location, for example in:

then choose “Run as Administrator”.

Starting the OpenSSL binary on Windows

It will open a cmd window with the OpenSSL command prompt. Here is what to expect.

Verifying the version of OpenSSL on Windows

Now you are ready to start creating your OpenSSL keys. (Speaking of which: users of the remote access utility PuTTY can export an OpenSSH key from PuTTYgen.) When using OpenSSL on Windows in this way, you simply omit the openssl command you see at the prompt. For example, to generate your key pair using OpenSSL on Windows, you may enter:

and follow the onscreen instructions as usual. To review the certificate:

How To Install OpenSSL on Windows

Keeping your computer secure is a balancing act. On one hand, you need to keep your computer safe from viruses and hackers so that confidential information doesn’t get leaked. On the other hand, it’s also important that programs and apps are able to access information from users as needed so they can complete tasks efficiently. Keeping these two factors in mind is essential when installing software on your Windows OS.

Luckily for you, this article will explore how you can install OpenSSL on Windows. You see, OpenSSL helps developers and programmers create applications or software that have encrypted communication over the internet. In this article, you will learn what OpenSSL is and why it’s essential when creating a new app or program with security in mind. Additionally, we explore how to install OpenSSL on Windows using simple steps that even beginners can understand. Let’s get started!

This tutorial will help you to install OpenSSL on Windows operating systems.

Step 1 – Download OpenSSL Binary

You need to download the latest OpenSSL windows installer file. Click the below link to visit the OpenSSL download page:

The above screenshot may be outdated but we recommend downloading the most recent version of OpenSSL.

Step 2 – Run OpenSSL Installer

Now run the OpenSSL installer on your system. The OpenSSL required Microsoft Visual C++ to be installed on your system. If your system doesn’t have Microsoft Visual C++ installed, the installer will show your message like:

Click Yes to download and install required Microsoft Visual C++ package on your system.

Then again run the OpenSSL installer and follow the wizard.

Step 3 – Setup Environment Variables

Now set the environment variables to function OpenSSL properly on your system. You are required to set OPENSSL_CONF and Path environment variables.

Use the following commands to set the environment for the current session only:

Set Variables Permanently – You can also set the OPENSSL_CONF and Path environment variables in the system permanently. To set the environment variable follow:

Press Windows + R keys together to open run window, Then type “sysdm.cpl” in the Run dialog box and hit Enter. Alternatively, you can open Command Prompt and type the same command to open System Properties

Go to “Advanced” tab and click on “Environment variables“.

Set OPENSSL_CONF Variable:

Set Path Variable:

Step 4 – Run OpenSSL Binary

Open a command prompt on your system and type openssl to open OpenSSL prompt. After that type version to get the installed OpenSSL version on your system.