you could refer this article to create a self-signed root authority certificate and export,
here is the link:
hope it helps you.
Thanks for your link. It was greatly useful for me; but two problems: I read it and created two certificates, one as a certificate authority (Subject & Issuer: Hossein-CA) and added to the Trusted Root Certificate Authorities, and one for my localhost website (Subject: localhost, Issuer: Hossein-CA); but my certificate doesn't get fully validated and my browser address bar doesn't get green. This is one problem and the other one is that my localhost certificate uses the x.500 standard for naming but the browser doesn't show the full names in the address bar. Look at the following image:
Here's my localhost's certificate subject according to x.500:
CN = localhost
L = myLocation
S = myState
C = US
O = localhost, Inc.
The following image has been taken from a trusted certificate authority's website named Thawte:
This is Thawte's certificate subject:
CN = WWW.THAWTE.COM
OU = Infrastructure Operations
L = Mountain View
S = California
C = US
SERIALNUMBER = 3898261
O = Thawte, Inc.
18.104.22.168 = Private Organization
22.214.171.124.4.1.3126.96.36.199.2 = Delaware
188.8.131.52.4.1.3184.108.40.206.3 = US
Why doesn't my browser address bar get green and show my certificate name?
- Edited by itecompro Wednesday, October 10, 2012 2:49 PM
Surprised that no one has replied yet. You have to add your root CA certificate to the browser that you are connecting from. Hope that it works.
I am trying to set myself up as well, but have not been able to create proper certificate with CRL and cert location info.
If you are trying to make a self-signed cert the CA Root for your site such that you will not get an "invalid cert" error message on your website, you cannot do this. A CA is a certified Authority (CA) which means that the certificate comes from a company or source that has been widely accepted as a valid certificate provider. It is what makes certificates cost money, but it also validates that the CA behind a certificate comes from a valid authenticating source.
Each Web Browser has a list of trusted CAs (i.e. VeriSign, DigiCert, etc.) ... for Microsoft IE see: https://technet.microsoft.com/en-us/library/dn265983.aspx?f=255&MSPPError=-2147217396
Therefore, when you create a self-signed cert, since Microsoft does not recognize the CA as matching their list ... it will consider it an invalid certificate always.
Hope that answers your question. Basically, a CA MUST be from a valid certificate authenticator.