Python others

Create a .crt file with OpenSSL on Windows

This article will be a bit different than the normal technical article that treats about Python and data analysis.
This article is just a simple guide to create a the require key and certificate necessary for some (most) of Adobe IO API.

I am not a developers but I think that I understand quite good how computer and internet works in general. However, the principle to create a key and a certificate to use some of the Adobe IO API was really a blocker for me.

Not that I didn’t understand what it is supposed to do and why Adobe requires it. But for non developers, self-generating these files and keys are quite obscure. I struggled hard time and even if I quickly realize that you would need to use OpenSSL as a program finding the right method to use is not so easy.

Guide to create a .crt file for your Adobe IO connection

Getting to know more about SSL & Certificates

On this post, I will not explain exactly how it works and why it is existing, smarter people and better explanations than the one I am able to give exist.

If you are looking for guide, I would recommend this (non-exhaustive) list of blog article :

On my side, I will simply remain at the core foundation of what the SSL certificates do :

It enables the application / service that you are going to use to be able to recognize that you are, who you say you are. Through this identification, it enables the fact that the communication is going to be private and encrypted so no one else that the service and you know what is going one.

Step by step

  1. You will learn quite quickly that you need to have OpenSSL installed.
    If like me you are on Windows, not as easy to install than a apt-get install openssl 🙂
    I would recommend to go here and download the last version for your window computer :
  2. Then if you install/extract that program on your computer.
    If you try to run it, it will give you most likely an error saying : “unable to load config info from /usr/local/ssl/openssl.cnf”
    This is because you would need to have a config file for OpenSSL to run.
    What this file is doing, I don’t really know, but what I know is that Git has one 🙂
    So you can take the one created by Git when you installed it and you have to realize those steps :

    1. Create a new System Environment Variable name : OPENSSL_CONF
      Sytem Variable
    2. Set this new Variable to your file : C:\Program Files (x86)\GnuWin32\share\openssl.cnf
    3. Also make sure that this path is accessible on the env_variable. (otherwise, add it to the path variable)
  3. Next step is to launch OpenSSL.exe and the error should have disappear.
    You enter this line of code : genrsa -des3 -out NameOfYourKey.key 4096
  4. Provide the basic information (pass phrase) 2 times
    You should have a new file call NameOfYourKey.key in your folder
  5. Launch OpenSSL again and enter this line of code : req -new -x509 -days 3650 -key NameOfYourKey.key -out AnotherName.crt
    They will ask you to re-enter your pass phrase, I hope you remember it 🙂
  6. Enter the different information you want in the certificate.
    You should have your AnotherName.crt file created in your folder now 🙂

From the different steps that you have followed, you have now created a private key and certificate for your application. Problem is that the private key is now encrypted.
In order to use this key for Adobe IO API authentification, you would need to decrypt the key for further use. You can do that doing the following (in OpenSSL) :

rsa -in <privatekeyname.key> -out <privatekeyname_decrypt.key>

Using that information with the Adobe IO should be more simple than going through the maze of this configuration.
I will most probably do an article about it but when my first Python API using Adobe IO will be ready. (most likely Adobe Analytics).
So I will ask for a bit of patience here.

In the meantime. Have fun exploring !


    1. You need to upload the .crt document to adobe IO.
      This is your certificate that you pass. The (uncrypted) key will be used for the API connection.

Leave a Reply

Your email address will not be published. Required fields are marked *