Create SSL certificates
Create self-signed SSL certificates and CA-signed SSL certificates.
Read time 2 minutesLast updated 21 days ago
Use a self-signed SSL for application development and tests. If you create a certificate, you can avoid the cost of a certificate signed by an external certificate authority. You can create SSL certificates for Windows or Linux and macOS.
Create SSL certificates on Windows
Prerequisites
For Windows, you need the following tools:Note
These tools are available in the Windows SDK. For more information, refer to the Microsoft Windows SDK documentation.
-
(Makecert.exe) is a command line CryptoAPI tool that creates an X.509 certificate signed by a system test root key or another specified key. The certificate binds a certificate name to the public part of the key pair. The certificate saves to a file, a system certificate store, or both. For more information, refer to Microsoft MakeCert documentation.
makecert -
(Pvk2Pfx.exe) is a command line tool that transfers public key and private key information contained in
pvk2pfx,.spc, and.cerfiles to a Personal Information Exchange (.pvk) file. For more information, refer to the Microsoft Pvk2Pfx documentation..pfx
Create a self signed certificate
Create a .pvk certificate is now ready to be used with the Unity Version Control (UVCS) server.- Run the command to generate the
makecertand.pvkfiles:.cermakecert -n "CN=TARDIS" -r -a sha1 -sky exchange -sv Tardis.pvk Tardis.cer - Make a note of the password because you need it for the command.
pvk2pfx - Use the tool to combine the generated .pvk and .cer files into the final .pfx file:
pvk2pfxpvk2pfx -pvk "Tardis.pvk" -spc "Tardis.cer" -pfx "Tardis.pfx" -pi <password>
Note
Name the, and files with the machine hostname where the UVCS server is installed. If you don't use the machine hostname, you continuously receive warnings to say that the certificate doesn't match the UVCS server hostname. In the example above, the server is called , so the resulting output files are labeled as , and .
.pvk.cer.pfxTardisTardis.pvkTardis.cerTardis.pfxCreate a CA signed certificate
You can use the Certificate Authority (CA) certificate to generate additional SSL certificates for other sites and services such as the UVCS server.- Run the command to generate the
makecertand.pvkfiles:.cermakecert -n "CN=My Company" -r -a sha1 -sv MyCompanyCA.pvk MyCompanyCA.cer - Execute the following command to create an SSL certificate:
makecert -n "CN=TARDIS" -iv MyCompanyCA.pvk -ic MyCompanyCA.cer -sky exchange -a sha1 -pe -sv"UvcsServerTardis.pvk" UvcsServerTardis.cer
- Execute the pvk2pfx command to combine the and
.pvkfiles to generate the.cerfile:.pfxpvk2pfx -pvk "UvcsServerTardis.pvk" -spc "UvcsServerTardis.cer" -pfx "UvscServerTardis.pfx" -pi <password>
Create SSL certificates on Linux and macOS
Prerequisites
For Linux and macOS, one of the most versatile SSL tools isopensslopensslCreate a self signed certificate
Create a.pfx- Execute the command to create the
opensslfile:.pemopenssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout key.pem -out key.pem - Enter the information to incorporate into your certificate request. Note: For the value, you need to use the UVCS host name that your clients use to connect with the server machine.
Common Name - Run the following command to export the .pem certificate file into a .pfx file:
openssl pkcs12 -export -out ssl-certificate.pfx -in key.pem -name "UVCS Certificate"
Create a CA signed certificate
- Execute the following command:
opensslopenssl genrsa -out rootCA.key 2048 - Execute the following command to use the to generate the self signed certificates:
rootCA.keyopenssl req -x509 -new -nodes -days 3560 -key rootCA.key -out key.pem - Run the following command to export the file into a
.pemfile:.pfxopenssl pkcs12 -export -out ssl-certificate.pfx -in key.pem -name "UVCS Certificate"