How to create a self-signed SSL certificate using CertReq

Configuring any Web service to work over HTTP using SSL is a good idea. 

We certainly recommend it for BackupAssist’s Multi-site Manager (BAMM) and in this post I’ll show you how to create an SSL certificate you can then bind this kind of service to.

There is an SSL setup guide linked in the BAMM software however that requires you a) have a server operating system and b) is a little long-winded.

The alternative which I find only take a few seconds, is to use the built-in Windows command tool ‘CertReq’.

First create a config file

The first thing we need is a simple text file, so lets name it ‘cert.txt’ and add the following lines:-


; At least one value must be set in this section
Subject = ""
KeyLength = 2048
Exportable = TRUE
KeyAlgorithm = RSA
MachineKeySet = true
RequestType = Cert

Note: You’ll need to replace ‘’ with the Fully Qualified Domain Name (FQDN) record you wish to use for your SSL certificate. This can also be defined as an IP address if you only wish to use the service inside a private network.

The important bit is that we set RequestType = Cert. This option indicates a self-signed or self-issued certificate. It does not generate a request, but rather a new certificate and then installs the certificate. Self-signed is the default.

Then create your certificate

To actually create the certificate, it’s as simple as running the following command:-

%Windir%\System32\certreq.exe -new cert.txt

This works well on Windows 7 and Windows 8 but it will also work on server-based operating systems too.

After the certificate has been created it should automatically be added to the local certificate store and should be listed within the BackupAssist MultiSite manager to use.

Hope you found that useful, let me know in the comments below…
Subscribe to blog highlights mail

Share via
Copy link
Powered by Social Snap