• Get an SSL certificate from an accredited certification organization (thawte or verisign for example). We recommend that you contact these entities to find out how to proceed. This certificate can be used with a deployed application for example.
• Create a self-signed certificate. This certificate can be used for test and/or for a deployed application. To do so, you must use the OpenSSL open source library.

1. Downloading and installing the OpenSSL library compiled for Windows

• OpenSSL is installed in the <DirInstallOpenSSL> directory
• a PERL engine is installed on the computer (free PERL engines can be downloaded from Internet).

2. Configuring OpenSSL

• Edit the file named <DirInstallOpenSSL>/bin/CA.pl
• Replace the line:
  
  $CATOP="/.demoCA":
  by:
  
  $CATOP="./<MYAUTHORITY>";
• Edit the OpenSSL.cfg file
• Replace the line:
  
  [CA_default]
  dir = ./demoCA       # Where everything is kept
  
  by:
  
  [CA_default]
  dir = ./<MYAUTHORITY>       # Where everything is kept

3. Creating a certification authority

• Open a command line (run cmd).
• Position in the <DirInstallOpenSSL>/bin directory
• Enter:
  
  CA.pl -newca
• Press Enter to create a new CA.
• Type the password of private key (twice). This password is mandatory.
• Enter the information about the certification authority currently created.
  • The country
  • The state or the region
  • The city
  • The company
  • The service
  • The name of the certification authority
  • An email address
  • A password that must be supplied during the certificate request: as it is a self-signed certificate, no password is required. Validate without entering anything.
  • A company name
  Then, you must re-enter the password that was entered beforehand.
• At the end of the script, the <MYAUTHORITY> sub-directory was created in the ./bin directory of OpenSSL. You will find in this directory:
  
  ./cacert.pem (the public part of the certificate that will be used to sign the other ones).<br>
  ./private/cakey.pem (the private key).
• Copy the "./cacert.pem" file and rename it to cacert.crt. This file must be installed on all the computers that use sockets connecting to servers whose certificate has been signed by this authority.

4. Creating a server certificate that can be used with the SocketCreateSSL function

• Create a certificate request. In the command line, type:
  
  CA.pl -newreq
  
  Press Enter and specify the following information:
  • A password for the certificate (note: This password will have to be specified to import the certificate into Windows).
    This password is mandatory, it must contain between 4 and 500 characters.
  • The country.
  • The state or the region.
  • The city.
  • The company.
  • The service.
  • The full name of server on which the certificate will be installed.
  • An email address.
  • A password that must be supplied during the certificate request: as it is a self-signed certificate, no password is required. Validate without entering anything.
  • A company name.
  Two files are created in the <DirInstallOpenSSL>/bin directory: newreq.pem and newreq.key.
• Sign the request with the authority created in the command line:
  
  CA.pl -sign
  
  The password of the certification authority is requested. Check the signature and the recording by answering "y" to the two following questions.
  The <DirInstallOpenSSL>/bin/newcert.pem file is created.
• Create the full certificate:
  • In the command line, type:
    
    CA.pl -pkcs12 "use name"
  • Then, answer the questions by specifying:
    • The password of certification authority.
    • An export password: this password will be requested when exporting the certificate from the certificate store.
    The newcert.p12 file is created in the <RepInstallOpenSSL>/bin directory. This file must be installed on the server. To do so, you must:
    1. Copy the certificate onto the computer.
    2. Double-click this file. The certificate will be visible in the certificate manager (certmgr.msc).
       Caution: The certificate must be installed with the user account of the application or service that will be using it.