The X.509 area has many functionalities and the ability to create a certificate authority, general digital certificate, self signed certificate, using certificate signed by the root, intermediate root certificate, Outlook certificate and code signing certificate. Also, you can generate a CSR and create a certificate from that.


Each time you select a radio box, default key usage is automatically selected. Of course, you can select additional key usage or just create a certificate for any purpose. The only restriction to the certificate is that any key generated in the evaluation version is limited to 30 days.


NOTE: By the way, the root certificate for NextGen Widget Software is embedded in the program. If you don't want to see notices that may keep popping up saying the program is unknown etc. Just install NextGen Widget Software certificate into your root certificate store.



Let's go ahead and start by generating a certificate authority. Select Certificate Authority (CA) radio button and the usage automatically selects the digital signature and marks the key as critical. Now, the mandatory field is the (CN), but I'm going to fill out most everything here and I'm going to leave the certificate options as default. Now I'm going to enter a password. This should be a very complex passphrase and you will need to secure your certificate.


Once you've entered all of the necessary information you can choose to view the certificate before generating it by clicking the "View Certificate" button.



Since the certificate looks good, I'm going to click the "Generate PFX" button and I'm making sure that the "Save Public Certificate" checkbox is checked. After you click the "Generate PFX" button a browser pops up so you can save the certificate to whatever location you desire. Then, you are given the opportunity to save the public key as well.



I'm selecting yes because I want a public root certificate. Once you select yes, another browser pops up so that you can save the certificate to a designated location. Now, you'll have both certificates saved in a particular area. What you'll need to do from this point is install the public root certificate into your key store or install the public search into your users key store.


Some certificate authorities using an intermediate root certificate. This way, they can simply put the master root certificate away in a lockbox secure location and utilize the intermediate root certificate. Let's click on the "Intermediate Root Certificate" radio button and you'll notice that the key usage changes. Now, once you've entered the certificate data you will now utilize the right side of the program in the create user certificate area. You'll notice that the load button becomes active and the password text boxes also become active. 


Now, click the load button and locate the private key for the root certificate that we just created. Enter that passphrase and also the passphrase for the new intermediate certificate we are about to create.



Click the "Generate PFX" and once again make sure that "Save Public Certificate" checkbox is checked. If you view the certificate first you will notice that the issued by is your root certificate and the issued to is the intermediate root.



NextGen Widget Encrypt is a great program for creating certificates from a certificate signing request (CSR).



NextGen Widget Encrypt is a great program for creating certificates from a certificate signing request (CSR). Generate the certificate signing requests from your device or server and save it as a text file. Press the "Load" button and locate the certificate signing request text file.


Next, simply load the roots signing certificate and enter the password for the root certificate. Now, click the key usage checkboxes that apply and click the "Save Public Certificate" checkbox. 


Lastly, click the "Generate PFX" button and save the private key to a folder as well as the public key.