OpenSSL is a small but powerful open source cross-platform utility, which can be used in various digital PKI certificate activities. OpenSSL can be used to convert the digital certificates from one to another format, export private keys from certificates, and build your own Certificate Authority. However, OpenSSL is included in basic packages in most of the popular Linux distributions. It is not required to install the OpenSSL on Linux. Well, the story is not similar in the case of the Windows platform. Don’t be disappointed, since OpenSSL is a cross-platform utility that supports Windows, Linux, and mac. You can install OpenSSL on the Windows platform just with few clicks.
Why Should You Install OpenSSL On Windows?
First of all, OpenSSL is not for normal users. It is not mandatory to install OpenSSL on the Windows platform. As we said earlier, OpenSSL is a cryptographic SSL/TLS tool kit, which provides a wide range of solutions for those who work on Digital Certificates, SSL/TLS testing, application development or implementation, application testing, and security testing. There are a lot of things you can do using OpenSSL. Only a few of them are listed here:
- You can create your own Certificate Authority and issue certificates on your network.
- Convert digital certificates from one to another format.
- Export or Import private keys from the certificates.
- Validate the HTTPS connections to the destination website.
- Verify the certificate of the destination website.
- Run benchmark tests of your server and remote website.
- Extract information like issuer, subject, issued and expiring dates, and fingerprint from certificates.
- Create CSR.
- Decode CSR and Certificates to verify contents.
You can enjoy the features of OpenSSL if you have installed it on your Windows machine.
Let’s begin the procedure to install OpenSSL on the Windows platform.
How To Install OpenSSL On The Windows Platform?
The installation procedure is very simple and straight. You should download the OpenSSL installer, run it to install, and configure Environment variables.
Time needed: 10 minutes.
How to Install OpenSSL on The Windows Platform?
- Download the OpenSSL installer
Download the OpenSSL installer from the official OpenSSL download link: https://slproweb.com/products/Win32OpenSSL.html
- Run the OpenSSL installer to install
Execute the downloaded installer file and install the OpenSSL on the Windows machine.
The installation procedure is quite simple and straight.
1. Accept license agreement.
2. Specify the Installation location.
- Initiate installing OpenSSL
Set Start Menu location and the additional task then click on the Install button to initiate the OpenSSL installation.
- Installation in progress…….
- Complete the installation of OpenSSL.
The installation will take 5 to 10 seconds. Click Finish to complete the installation process.
- Set Environment variable
If you just want to set the environment varibles only for a login session, then run these commands.
>set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
>set Path= C:\Program Files\OpenSSL-Win64\bin
If you want to set the env variable for permanently, then add OPENSSL_CONF and Path env variable on System Properties.
Open Run using ‘Windows’ + ‘r’ then type ‘sysdm.cpl‘. Go to Advanced > Environment Variable.
Set OPENSSL_CONF and Path variables.
- Run OpenSSL
Open the command prompt using ‘Windows’ + ‘r’ then type ‘cmd‘ to open command prompt.
Type openssl version command on CLI to ensure OpenSSL is installed and configured on your Windows machine. You should see the version information if OpenSSL is configured correctly.
Thats’s it. This is how you can install OpenSSL on the Windows platform. Simple itn’t it?
Thanks for reading the small tutorial. Please follow us on this blog to see more such tutorials and security updates.
Frequently Asked Questions:
OpenSSL is an open-source software library that provides cryptographic functionality and implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. It is widely used to secure communications over computer networks and to create, manage, and verify digital certificates.
Installing OpenSSL on your Windows computer allows you to perform various cryptographic operations, such as generating public and private keys, creating Certificate Signing Requests (CSRs), and managing SSL/TLS certificates. It is particularly useful for developers, system administrators, and cybersecurity professionals.
Yes, OpenSSL is available for various operating systems, including Linux, macOS, and BSD. The installation process may vary depending on the platform, but the overall concepts remain the same.
You can download precompiled OpenSSL binaries for Windows from a trusted third-party website, such as the Shining Light Productions’ Win32/Win64 OpenSSL Installer (https://slproweb.com/products/Win32OpenSSL.html). Make sure to download the appropriate version (32-bit or 64-bit) according to your Windows operating system.
To install OpenSSL on your Windows computer, follow these steps:
1, Download the OpenSSL installer from a trusted source.
2. Run the installer and follow the installation wizard.
3. During installation, choose a directory where OpenSSL will be installed (e.g., C:\OpenSSL).
4. Once the installation is complete, add the OpenSSL directory to your system’s PATH environment variable.
5. Verify the installation by opening a Command Prompt and entering openssl version. You should see the OpenSSL version number displayed.
To update OpenSSL on your Windows computer, download the latest version of the OpenSSL installer from a trusted source and run the installer. The new version will replace the existing installation. Make sure to update your system’s PATH environment variable if the installation directory has changed.
While OpenSSL itself does not come with a GUI, there are third-party applications that provide a graphical interface for managing SSL/TLS certificates and keys, such as XCA (https://hohnstaedt.de/xca/), OpenSSL UI (https://sourceforge.net/projects/opensslui/), and TinyCA (https://tinyca.sm-zone.net/).
To generate a self-signed SSL certificate using OpenSSL on Windows, follow these steps:
1. Open a Command Prompt.
2. Navigate to the OpenSSL directory (e.g., C:\OpenSSL\bin).
3. Enter the following command to generate a private key:
openssl genrsa -out private_key.pem 2048
4. Enter the following command to create a self-signed SSL certificate:
openssl req -new -x509 -key private_key.pem -out certificate.pem -days 365
5. Fill in the required information when prompted.
Yes, you can use the openssl s_client command to connect to a remote server using SSL/TLS. For example, to connect to a secure website, you can enter the following command in a Command Prompt:
openssl s_client -connect example.com:443
To get help with OpenSSL commands on Windows, you can use the openssl help command in a Command Prompt. This will display a list of available commands and their brief descriptions. For more detailed information on a specific command, you can type openssl <command> -help, replacing <command> with the desired command. Additionally, you can refer to the official OpenSSL documentation (https://www.openssl.org/docs/) or seek assistance from online forums and communities.
Need your help. Running Windows 2019 server. Have only one (1) IP.
Have one Standard UCC SSL Certificate with four (4) Subject Alternative Names (SANs)
How do I install this so that all sites have the SSL certificate installed? We have the primary site and 4 SANs sites.
Thank you
Generate a CSR on the primary server and get the Certificate issued. Install the issued Certificate on your primary server, and export the certificate in PFX (with the private key). Reuse the PFX certificates on the remaining SAN servers.
Note: The certificate only works only if you have the PFX certificate with the private key.
Great one! Straight to the point
Thanks, Bhavesh.
(spyder-env) C:\Users\leifs\miniconda3>sysdm.cpl
(spyder-env) C:\Users\leifs\miniconda3>set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
(spyder-env) C:\Users\leifs\miniconda3>set Path= C:\Program Files\OpenSSL-Win64\bin
(spyder-env) C:\Users\leifs\miniconda3>openssl version
'openssl' is not recognized as an internal or external command,
operable program or batch file.
(spyder-env) C:\Users\leifs\miniconda3>path
PATH= C:\Program Files\OpenSSL-Win64\bin
Hello Leir,
I hope you have installed the OpenSSL and then tried to configure the Environment variables. If yes, could you try to configure the EnvVar on system properties?
thankssss !!!!
You are welcome!
How To Generate A CSR For A Multi-Domain SSL Certificate Using OpenSSL in Windows machine.
Hello Purushothama,
Well, you can easily create a multi-domain CSR without OpenSSL on Windows. If you really want to create using OpenSSL, you can try this procedure: https://thesecmaster.com/how-to-generate-a-csr-for-multi-domain-ssl-certificates-using-openssl/
When you say "Download the OpenSSL installer from the official OpenSSL download link: https://slproweb.com/products/Win32OpenSSL.html", what's official about this link?
The OpenSSL project site references this link with the disclaimer "Use these OpenSSL derived products at your own risk; these products have not been evaluated or tested by the OpenSSL project". That doesn't sound very official.
Just wondering why I would trust this particular distribution? Genuinely interested in identifying a Windows bundle I can trust in my enterprise environment but struggling find something that's above my risk threshold.
Hello Michael,
We can understand your concern. We got this reference from the OpenSSL Wiki. Since OpenSSL project does not distribute any code in binary form, we are not left with any option other than relying on third parties.
Our Believe is, OpenSSL trusts these third parties and doesn’t want to own the responsibilities. On the other hand, This could be the reason OpenSSL provides references on its official wiki page.
On top of that, I have seen OpenSSL veterans using this link for downloading the binaries.
Ref:
https://www.openssl.org/community/binaries.html
https://wiki.openssl.org/index.php/Binaries
Thanks for the help. But I didn't find openssl.cfg inside bin, instead it was openssl.exe
nice, but there is no openssl.cfg in the bin folder – what to do?
On the Windows OpenSSL installation, you may have openssl.cnf or openssl.conf files. Try locating any of these files and create an environmental variable pointing to the file. Or use -config flag in your openssl command to point the config file. We hope this solution may work for you.
Please let us know if this solution solves your problem. This helps others who would fall into the same problem.
Let us know if you need more help on this.
It needs the administrator right to install it, is that correct?
Probably yes. We tried this only using an admin account.