# Generate self signed certificate with GnuTLS under Windows


## 1. Install GnuTLS

Download and decompress the Windows version of GnuTLS from [here](http://www.gnutls.org/download.html)

Add the directory `gnutls-3.4.9-w64/bin` to your PATH environment and restart your console

## 2. Generate private.key

Run the following command to create `private.key`
```
certtool.exe --generate-privkey --outfile private.key 
```

## 3. Generate public.crt

The easiest way is to generate certificate is to specify its information under a file. You can find an example below. We'll call that file `cert.cnf`.

```
# X.509 Certificate options
#
# DN options

# The organization of the subject.
organization = "Example Inc."

# The organizational unit of the subject.
#unit = "sleeping dept."

# The state of the certificate owner.
state = "Example"

# The country of the subject. Two letter code.
country = "EX"

# The common name of the certificate owner.
cn = "Sally Certowner"

# In how many days, counting from today, this certificate will expire.
expiration_days = 365

# X.509 v3 extensions

# DNS name(s) of the server
dns_name = "localhost"

# (Optional) Server IP address
ip_address = "127.0.0.1"

# Whether this certificate will be used for a TLS server
tls_www_server

# Whether this certificate will be used to encrypt data (needed
# in TLS RSA ciphersuites). Note that it is preferred to use different
# keys for encryption and signing.
encryption_key
```

Now, it is time to generate the public certificate using this command:

```sh
certtool.exe --generate-self-signed --load-privkey private.key --template cert.cnf --outfile public.crt 
```

That's it.