How can I correctly install OpenSSL Windows to generate certificates?

General Discussions
, ,
1

How can I correctly install OpenSSL Windows to generate certificates?

I need to install OpenSSL on Windows to create certificates, but I’m unsure which version to use. I previously installed openssl-1.0.2d-fips-2.0.10 from SourceForge, but it didn’t generate the files correctly. The official website, OpenSSL.org, provides downloads, but I’m unsure how to install it properly.

Additionally, I set up environment variables pointing to the folder where I unzipped OpenSSL, but I don’t know if that’s the correct approach for generating keys and .pem files. What is the best way to install and configure OpenSSL Windows so that it works as expected?

2

I’ve set up OpenSSL Windows quite a few times, and the best way to do it is through the official installer. Here’s the correct method:

  1. Head to the official OpenSSL for Windows website.
  2. Download the latest OpenSSL Light or Full Installer (e.g., Win64 OpenSSL v3.x.x).
  3. Run the installer and choose ‘Install OpenSSL binaries.’
  4. Make sure to select ‘Copy OpenSSL DLLs to the Windows system directory.’
  5. Add OpenSSL to the system PATH using:
setx PATH "%PATH%;C:\Program Files\OpenSSL-Win64\bin"
  1. Confirm the installation by running:
openssl version

That should set up OpenSSL Windows properly without any issues

3

That’s a solid method, @yanisleidi-rodriguez ! But if you want an even faster way to install OpenSSL Windows without manually downloading and setting paths, you can use Chocolatey. It’s what I prefer:

  1. Open PowerShell as Administrator and install Chocolatey (if you haven’t already):
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
  1. Once Chocolatey is installed, install OpenSSL with:
choco install openssl -y
  1. Restart PowerShell and verify with:
openssl version

This approach ensures OpenSSL Windows is installed with minimal effort and keeps it up to date automatically!"

4

Both methods are great, but if you need a lightweight, portable setup for OpenSSL Windows (like on a USB drive or a specific folder), manually extracting OpenSSL works well. Here’s how:

  1. Download OpenSSL from Shining Light Productions.
  2. Extract the files to C:\OpenSSL-Win64\.
  3. Add OpenSSL to the system PATH manually:
  • Open System Properties → Advanced → Environment Variables.
  • Edit the PATH variable and add C:\OpenSSL-Win64\bin.
  1. Set up the OpenSSL configuration:
setx OPENSSL_CONF "C:\OpenSSL-Win64\bin\openssl.cfg"
  1. Finally, check if it’s working:
openssl version

This is especially useful when you don’t want to install OpenSSL system-wide but still need it accessible for certain tasks.