To create a certificate, you first need to create a Certificate Signing Request (CSR). You can send the CSR to a certification authority, or use it to create a self-signed certificate.
OpenSSL is installed with most GNU/Linux distributions. To download the source code or a Windows binary file, go to http://www.openssl.org/ and follow the installation instructions for your operating system. You can use OpenSSL to convert certificates and certificate signing requests from one format to another. For more information, see the OpenSSL man page or online documentation.
Make sure you run the command prompt as an administrator. You can do this by right-clicking the command prompt shortcut in Windows.
To create a temporary, self-signed certificate until the CA returns your signed certificate:
This command creates a certificate inside your current directory that expires in 30 days with the private key and CSR you created in the previous procedure.
You cannot use a self-signed certificate for VPN remote gateway authentication. We recommend that you use certificates signed by a trusted Certificate Authority.
Sign a Certificate with Microsoft CA
Certificate Authorities Trusted by the Device