How To Set up OpenSSL on Windows 10 (PowerShell)


The Best WordPress plugins!

1. WP Reset

2. WP 301 Redirects

3. WP Force SSL

If this is your first time installing OpenSSL, then you will require SSH Keygen and a GPG key.
1. Download the latest Windows PowerShell from ; 2
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393

The “install openssl on windows 10” is a tutorial that tells you how to set up OpenSSL on Windows 10 (PowerShell). This will allow you to encrypt your files and use SSL/TLS.

How To Set up OpenSSL on Windows 10 (PowerShell)

Creating SSL certificates may be a difficult undertaking fraught with anger and sadness. It doesn’t have to be that way, however! You’ll be well on your way if you have Windows 10 and OpenSSL, as well as a little assistance from this tutorial.

You’ll discover how to install OpenSSL on Windows 10 in this post. You’ll be able to produce SSL certificates, troubleshoot and debug certificates, and convert between formats once the software is installed.

Let’s get started using PowerShell and OpenSSL!

Managing Certificates using Windows Certificate Manager and PowerShell is a related article.


You will learn utilizing a hands-on approach in this tutorial. While OpenSSL was originally developed for the Linux operating system, it may also be used on Windows.

This guide’s screenshots were taken using Windows 10 build 1909 and PowerShell 7.

Using PowerShell and Chocolatey to install OpenSSL

If you followed the installation instructions, the first thing you need to do is install OpenSSL on Windows 10. To do so, launch your PowerShell console and type choco install OpenSSL at the command prompt. Below are some examples of lightas.

Installing OpenSSL.Light using <a class=Using the Chocolatey package manager in PowerShell to install OpenSSL.Light

That concludes our discussion. With PowerShell, you’ve now installed OpenSSL.

Make a working directory for yourself.

This article will teach you how to make a few certificates. Create a new folder to save all of your work in one place so you can clear it up afterwards.

All certificates and associated files will be saved in the C:certs folder in this tutorial. Using PowerShell, you may create a folder by performing the command below.

C:certs -ItemType Directory -Path New-Item

It’s now time to set up OpenSSL.

Setting up OpenSSL

On Windows 10, OpenSSL comes without a configuration file by default. This is done on purpose since there are several setup choices to choose from. For the sake of this article, you’ll utilize an example setup that you may subsequently tweak to meet your own security needs.

Run the following command in PowerShell. This command obtains a sample configuration file from MIT and stores it in the current working directory as openssl.cnf.

You should now be able to view the openssl.cnf file and see something similar to the image below.

Configuration file for OpenSSL as an example in Visual Studio CodeConfiguration file for OpenSSL as an example

For the time being, the downloaded setup will operate as is. In a production environment, do not use the defaults!

Environment Variables for PowerShell Profiles should be updated.

On Windows 10, you should adjust your PowerShell profile to make things flow more easily. You may quickly switch between multiple versions of OpenSSL that you may have installed by setting up certain environment variables.

I recommend adding path and OPENSSL CONF as environment variables to your PowerShell profile. While on the command line, you’ll adjust the PATH environment variable to guarantee that you may launch the openssl binary from any place.

If you don’t currently have one, you may create one using the steps below. This program adds the OpenSSL binary path to your PATH and sets the OPENSSL CONF configuration file path.

# Add environment variables to a PowerShell profile # Look for a profile and construct one if one isn’t found! if (-not $profile (Test-Path)) New-Item -Path $profile -ItemType File -Force New-Item -Path $profile -ItemType File -Force # Add these lines to your profile by editing it. ‘$env:path = “$env:path;C:Program FilesOpenSSLbin”‘ | Out-File $profile -Append’$env:OPENSSL CONF = “C:certsopenssl.cnf”‘ | Out-File $profile -Append’$env:OPENSSL CONF = “C:certsopenssl.cnf”‘ | Out-File $profile

Reload your profile and type to utilize the environment variables. Close and reopen PowerShell, or use $profile.

As illustrated below, you can now quickly launch the openssl binary from anywhere in PowerShell.

Using PowerShell to check the version of OpenSSLUsing PowerShell to check the version of OpenSSL

Using OpenSSL on Windows 10 to Generate a CSR & Private Key

You must first make a certificate-signing request before you can produce an SSL certificate (CSR). A certificate signing request (CSR) is an encoded file that allows you to communicate your public key with a certificate authority (CA). Identification information, a signature algorithm, and a digital signature are all included in this file. Let’s get started by making your first CSR and private key.

X509 Certificates for Mortals: A Beginner’s Guide

Run the command below to generate a CSR. As you can see in the following example, OpenSSL will request you to submit some identifying information.

req -new -out MyFirst.csr openssl

Using OpenSSL with PowerShell to generate a CSR and Private KeyUsing OpenSSL with PowerShell to generate a CSR and Private Key

After you’ve finished, you’ll have a valid CSR and private key that can be used to get an SSL certificate.

If you don’t want to input data every time you produce a CSR, you may change the settings in the configuration file to speed up the process.

In the man pages, you may learn more about the possible CSR settings and see example setups. OpenSSL has a GitHub repository with examples as well.

RSA Key Pairs Generation

With OpenSSL, you can also construct RSA key pairs (public/private). To do so, use the genrsa subcommand to generate a private key, as illustrated below.

OpenSSL on Windows 10 will produce an RSA private key with a key length of 2048 bits when you perform the command below. On contemporary hardware, this key is created very instantly. The key that is generated is saved in the working directory.

# Create a private key with a maximum key size of 2048 characters. The number of keys that may be used is 512, 758, 1024, 1536, or 2048. rsa.private 2048 openssl genrsa -out

Then, using the private key you just produced with the rsa sub-command, construct a public key. From the rsa.private private key, the syntax below creates a public key named rsa.public in the working directory.

# openssl rsa -in rsa.private -out rsa.public -pubout -outform PEM # build a public key using the private key

How to Create a Self-Signed Certificate

You may need to create a self-signed certificate on occasion. Self-signed certificates are acceptable in a lab setting, but they are not a secure practice in a production setting.

Before going on to the next job, let’s make a self-signed certificate. To do so, use the following command to generate an X509 SSL certificate. This certificate will employ SHA256 cryptography and have an RSA key length of 2048 bits. It will be valid for 365 days. The certificate is stored in the current directory.

-x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

The certificate is now ready to be imported into a browser or server.

OpenSSL Validation of CSRs, Certificates, and Keys

You may save time debugging SSL problems by checking the information in a CSR, private key, certificate, or PKCS#12. For example, a certificate might have been created with the incorrect key. It’s possible that the certificate’s identifying information is incorrect.

Let’s start with a CSR and some arguments using the req command:

.MyFirst.csr openssl req -text -noout -verify

Using OpenSSL in PowerShell to verify a CSRUsing OpenSSL in PowerShell to verify a CSR

Details like the country name, the company name, and the email address you used to create the CSR at the start of this article should all be exact matches.

You may also use the x509 subcommand with a handful of options to verify a certificate:

x509 -in.certificate.crt -text -noout | more openssl

Using the x509 command in PowerShell to verify a certificate using OpenSSL.Using the x509 command in PowerShell to verify a certificate using OpenSSL.

Using OpenSSL to Convert Certificates

It is possible that a program will not employ a certain certificate format. This problem might arise when using an application like HAproxy, which demands a PEM certificate when you only have a DER-formatted certificate (.crt .cer .der).

Let’s convert the self-signed certificate produced previously in DER format (certificate.crt) to PEM to explain how to convert a certificate. To accomplish so, use the code in the following code snippet.

The x509 sub-command is used with the -inform option, which should match the format of the -in file followed by the -out format.

x509 -inform der -in.certificate.crt -out.certificate.pem openssl x509 -inform der -in.certificate.crt -out.certificate.pem

If you want to use the DER format from PEM, you may also reverse the order, as illustrated below.

x509 -outform der openssl -in.certificate.pem -out.certificate.der -in.certificate.pem -out.certificate.der

Last but not least, you may convert PEM to PKCS#12 and PKCS#12 to PEM. Private keys and certificates are stored in this file format. Use the pkcs12 subcommand to convert to PEM format.

pkcs12 -in openssl -out SomeKeyStore.pfx -nodes SomeKeyStore.pem

With a few more parameters, you may convert a PEM certificate and private key to PKCS#12 format using -export. Using SomeCertificate.crt as the input source, you may export a PKCS#12 formatted certificate using your private key. You may verify SomeCertificate.crt by using the -certfile option value MyCACert.crt.

pkcs12 -export -out SomeCertificate.pfx -inkey SomePrivateKey.key -in SomeCertificate.crt -certfile openssl pkcs12 -export -out SomeCertificate.pfx -inkey SomePrivateKey.key -inkey SomePrivateKey.key -inkey SomePrivateKey.key – MyCACert.crt

Troubleshooting & Debugging

Now that you can create & convert CSR’s, certificates, and key pairs, it’s time to learn how to troubleshoot and debug them. OpenSSL comes with commands that make it a breeze to troubleshoot problems.

OpenSSL also enables you to verify the integrity of certificates and test for data corruption. You may use the following code samples to test certificates, keys, and CSRs using an MD5 checksum:

# Public / Private Keys openssl x509 -noout -modulus -in.certificate.crt | openssl md5 # Certificates openssl x509 -noout -modulus -in.certificate.crt openssl md5 | openssl rsa -noout -modulus -in.privateKey.key # openssl req -noout -modulus -in.MyFirst.csr | openssl md5 | openssl req -noout -modulus -in.MyFirst.csr # Openssl s client -connect to check an external SSL connection: 443

After you have the original hash, you may compare it to a current hash to make sure the certificate hasn’t been tampered with or damaged.

Here’s an example of how the code might appear in PowerShell:

In PowerShell, here's an example of a troubleshooting command output using OpenSSL.In PowerShell, here’s an example of a troubleshooting command output using OpenSSL.


You’ve learned how to install and setup OpenSSL on Windows 10, as well as how to generate a CSR, key pair, and SSL certificate. You’ve also learned how to use built-in sub-commands to convert between various certificate types and do some basic troubleshooting.

Additional Information

The “openssl windows 10 download” is a command-line tool that allows users to set up OpenSSL on Windows 10. It can be done using PowerShell.

Frequently Asked Questions

How do I install OpenSSL on Windows PowerShell?

A: Installing OpenSSL on Windows PowerShell is a little different from environments like Linux or Mac OSX. You will need to do the following steps in order to install it correctly:
C:\> cd C:\Windows\System32
C:\Windows\System32> mkdir tls1_0 && cd tls1_0
C:\Windows\System32> openssl req -nodes -newkey rsa:4096 之前拷贝过的那个密钥,我在此处可以做一次算机学习后写入到新的话会要10-20分钟完成 还不如直接用openssl x509命令生成新的密钥。注意字体大小增加很多。
Then, we would be able to create an RSA key and use that for our SSL connection as well.

Can I run OpenSSL in PowerShell?

A: The OpenSSL library is not available for PowerShell, so you cannot run the program.

How do I install OpenSSL on Windows 10?

A: OpenSSL is a cryptographic software library that provides support for secure communications between the server and client. It improves on SSL by providing more flexible key management, certificate systems, and allowing its protocol to be used without any trusted third parties.

Related Tags

  • openssl windows 10
  • install openssl windows 10 64-bit
  • install openssl powershell
  • openssl windows command line
  • openssl powershell module

Table of Content