In this article, we shall discuss how to Install OpenSSL on Windows Computers. OpenSSL is an open-source command-line tool that is used to generate the SSL certificate and private key and is available in both versions 32 and 64 bit. Please see How to fix Windows Update Fails with Error 0x80092004, how to Fix the Port used for the Virtualhost is not an Apache Listen Port, and Shell Scripting: How to Automate a Process in Linux.
OpenSSL is a cryptographic SSL/TLS tool kit, which provides a wide range of solutions for those who work on Digital Certificates, SSL/TLS testing, application development or implementation, application testing, and security testing.
It is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions.
There are a lot of things you can do using OpenSSL. Only a few of them are listed here:
- You can create your own Certificate Authority and issue certificates on your network.
- Convert digital certificates from one to another format.
- Export or Import private keys from the certificates.
- Validate the HTTPS connections to the destination website.
- Verify the certificate of the destination website.
- Run benchmark tests of your server and remote website.
- Extract information like issuer, subject, issued and expiring dates, and fingerprint from certificates.
- Create CSR.
- Decode CSR and Certificates to verify contents.
Also, see Environment variables in Windows 10, What are the differences between a Role and a Feature, and How to Secure your API key in Postman.
Install OpenSSL On The Windows
First, you will have to download the latest version of OpenSSL from here. The installation procedure is very simple and straight. You should download the OpenSSL installer, run it to install, and configure Environment variables.
Download the OpenSSL installer, and choose the version that applies to your PC from here.
Run the EXE or MSI with default settings till completion and that should take care of installing OpenSSL. For me, I am downloading the MSI
Execute the downloaded installer file and install the OpenSSL on the Windows machine.
The installation procedure is quite simple and straight. By default, this is set to I do not accept the license.
Specify the Installation location
Click on Next if you are Okay with the program shortcut. If not, please use the Browse button to specify this.
I am fine with the defaults for the “Additional Tasks”. Click Next to proceed.
click on the Install button to initiate the OpenSSL installation.
If you wish to donate, then select any of the buttons. For me, I will uncheck and select finish. If you do not want to donate, pleae uncheck.
Alternatively, you could also install OpenSSL via Cygwin. Cygwin offers a simple way to install a large collection of free and open-source software on Windows. See how How to install Ansible on Windows with Cygwin.
Please see How to determine Cygwin version, and how to view installed packages in Cygwin. Here is how to install additional packages via Cygwin, and How to view installed packages in Cygwin on Windows.
Why Create an environment variable?
To make OpenSSL accessible from any directory. That is, outside its own directory when opening a Command Prompt in an arbitrary location etc.
It is more convenient to use OpenSSL from the command line in the directory of your choice. After the initial install, the openssl.exe is only available from the directory where it resides as shown below. You could open a command prompt from here and perform the operations you want.
C:\Program Files\OpenSSL-Win64\binSet Environment variable
To add OpenSSL to your PATH (env variable) Open Run using ‘Windows’ + ‘r’ then type ‘sysdm.cpl‘. Go to Advanced > Environment Variable.
Or hit the Windows button on your keyboard or click it in the task bar, then search for “Environment Variables”.
In the system variables section, select Path and click Edit.
Click on Browse.
Go to where the openssl.exe is, which should be at “This PC > Windows (C:) > Program Files > OpenSSL – Win64 > bin” and select that folder. Click OK.
The path has been added. Click on Ok on all open windows (wizards) until they are closed
Verify that OpenSSL is now accessible from outside its own directory by opening a Command Prompt in an arbitrary location. I just opened the Command Prompt and left it at its default directory. Enter openssl version and see the result.
Note: If you already had a command prompt open. You will need to close and reopen in order for this to work
In the OpenSSL commands below, replace the filenames in ALL CAPS with the actual paths and filenames you are working with.
View contents of PEM certificate file
To view the conetent of the .pem file, please run the command below.
openssl x509 -in CERTIFICATE.pem -text -nooutLearn the differences between Private and Public networks in Windows to VPN, and how to Convert a PEM Key to a PPK Key on a Linux and Windows.
Read Content of the Private Key (in .PEM format for Errors)
The command openssl rsa -in is used to process RSA private keys using OpenSSL. It allows you to read, modify, or convert RSA private keys in various formats with the command below. Here is an interesting article from SSL.
openssl rsa -in
Below is an explanation of what the command does
- openssl: This is the OpenSSL command-line tool, which provides various cryptographic functions.
- rsa: This specifies that you want to work with RSA private keys.
- -in <filename>: This option specifies the input file, which should be an existing RSA private key file (in PEM format).
Please see Apache errors associated with WAMP installation for TeamPass, how to Setup VirtualHost with SSL on WAMP Server, and how to uninstall WAMPServer from Windows.
Converting to a different key format/Publick Key Extraction
You can also use the openssl rsa command to convert the key from one format to another. Such as from the PEM to DER, or to extract the public key from the private key as shown below.
openssl rsa -in private_key.pem -out public_key.pem
The above command will invokes the OpenSSL command-line tool and instruct it to process an RSA private key.
- -in private_key.pem specifies the input file (private_key.pem) that contains the RSA private key. This file must be in PEM format, which is a base64-encoded format that includes delimiters such as —–BEGIN PRIVATE KEY—– and —–END PRIVATE KEY—–.
- -out public_key.pem specifies the output file (public_key.pem) where the extracted public key will be saved. The public key will be written to this file in PEM format as shown in the above image.
Note: The public key can be shared openly, while the private key must remain secure. Extracting the public key from the private key allows you to use the public key for encryption or verification while keeping the private key secure for decryption or signing.
I hope you found this article very useful on How to Install OpenSSL on Windows Computers. Please feel free to leave a comment below.
The post How to Install OpenSSL on Windows Computers appeared first on TechDirectArchive.