@SidShetye
Last active December 12, 2015 10:29
A quick but powerful way to create elliptic curve cryptography certificates and keys using OpenSSL. The keys and certificates are also exported into a .PFX file for exporting into the target environment. The certificates are self-signed in this case. Read the batch file comments and modify as you need (eg: from 521 bit key curve to 256 bit key curv…
@echo off
@echo.
@echo Description: Uses OpenSSL to create a 521 bit EC certificate (PEM). Also creates the PKCS#12 file to export the cert as well as the private key (AES256 encrypted)
@echo.
if [%1]==[] goto usage
SET paramFile=%1-param-key.pem
SET keyFile=%1-param-key.pem
SET reqFile=%1-req.pem
SET certFile=%1-cert.pem
SET exportFile=%1.pfx
REM Delete temp files if they live, don't wipe out key!
del /q /f %reqFile% %certFile% %exportFile%
REM Generate curve parameters and a private key on secp521r1 (NIST/SECG curve over a 521 bit prime field); both go into the same file
openssl ecparam -out %paramFile% -name secp521r1 -genkey
REM Make a certificate request, request signed via SHA512, set the common name
REM (cmd.exe does not strip single quotes, so the subject must be in double quotes)
openssl req -new -key %keyFile% -sha512 -keyform PEM -out %reqFile% -outform PEM -subj "/C=US/CN=ECC-cert-test"
REM Create (self-signed) certificate, valid 1 year, signed using SHA512
openssl x509 -req -days 365 -in %reqFile% -signkey %keyFile% -out %certFile% -sha512
REM Export the certificate and private key, AES256 encrypt it, set friendly name
openssl pkcs12 -export -aes256 -out %exportFile% -in %certFile% -inkey %keyFile% -name "ECC-cert-test-friendlyname"
goto :eof
:usage
@echo Usage: genEcCert mycert
exit /B 1
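
A companion check for the files the script above writes, added here as an example and not part of the original gist: it confirms the certificate carries the public half of the generated key, that the curve and signature hash are the ones requested, and that the PFX opens. The name checkEcCert and the two scratch file names are this example's own; it assumes openssl.exe is on PATH.

```batch
@echo off
REM Added example (not part of the original gist): checks the files that
REM "genEcCert <name>" writes. Assumes openssl.exe is on PATH.
if [%1]==[] goto usage
SET keyFile=%1-param-key.pem
SET certFile=%1-cert.pem
SET exportFile=%1.pfx
REM Scratch files (names are this example's own choice)
SET pubFromKey=%1-pub-from-key.tmp
SET pubFromCert=%1-pub-from-cert.tmp

REM 1. The certificate must carry the public half of the private key
openssl ec -in %keyFile% -pubout > %pubFromKey% 2>nul || goto fail
openssl x509 -in %certFile% -noout -pubkey > %pubFromCert% || goto fail
fc %pubFromKey% %pubFromCert% >nul || goto fail

REM 2. Curve and signature hash must be the ones the script asked for
openssl x509 -in %certFile% -noout -text | findstr /C:"ASN1 OID: secp521r1" >nul || goto fail
openssl x509 -in %certFile% -noout -text | findstr /C:"ecdsa-with-SHA512" >nul || goto fail

REM 3. The PFX must open with the export password (openssl prompts for it)
openssl pkcs12 -in %exportFile% -noout || goto fail

del /q /f %pubFromKey% %pubFromCert%
echo OK: key matches certificate, curve and hash are as expected, PFX opens
goto :eof

:fail
del /q /f %pubFromKey% %pubFromCert% 2>nul
echo FAILED: a check did not pass
exit /B 1

:usage
echo Usage: checkEcCert mycert
exit /B 1
```

Only the .pfx is AES256-encrypted; the `-param-key.pem` file holds the private key in unencrypted PEM, so restrict access to it or remove it once the PFX has been imported.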