To generate a self-signed SSL certificate:

1. Run the Command Prompt as an administrator
   
2. Navigate to OpenSSL Directory.
   
3. Navigate to the OpenSSL bin directory. For example: cd C:\OpenSSL-Win64\bin
   

1. Run the following command to generate a private key
   openssl genrsa -out private.key 2048
2. Run the following command to generate a CSR using the private key:
   openssl req -new -key private.key -out certificate.csr
3. Enter the requested organization information. For a self-signed certificate, configure the Common Name to the IP address of your server

1.  Run the following command:
   openssl x509 -req -days 365 -in certificate.csr -signkey private.key -out certificate.crt

To configure your services:

1. Move the generated certificate.pfx file to a directory in your project or a secure location on your server
   
1. Add the SSL certificate path and password to the following configuration files (default paths):
   
2. c:\Program Files (x86)\Rosslare\AxTraxPro WebServer\API\appsettings.json
   
3. c:\Program Files (x86)\Rosslare\AxTraxPro WebServer\Identity\appsettings.json
   
4. c:\Program Files (x86)\Rosslare\AxTraxPro WebServer\API\ClientApp\dist\environments\environment.json

Adding the SSL Certificate to the Trusted Root Certificate Store in Windows

Perform the following procedure to make sure your self-signed certificate is trusted by your Windows system and browsers, enabling secure HTTPS connections without warnings.

To install the certificate in the Windows Certificate Store:

1. Open the certificate manager:
   
1. Press Win +R.
   
2. Type mmc.
   
3. Press Enter.
   
2. Add the certificates snap-in:
   
1. Run the MMC console, click File > Add/Remove Snap-in.
   
2. Click Certificates and click Add.
   
3. Click Computer account > Local computer > Finish and click OK.
   
3. Import the certificate:
   
1. In the left pane, expand Certificates > Personal.
   
2. Right-click Personal select All Tasks and click Import.[
   
3. Follow the wizard to import your .pfx file. Use the password you set during the export.
   
4. To add the certificate to the Trusted Root Certification Authorities:
   
1. Copy the certificate:
   
2. Run the MMC console, navigate to Certificates - Local Computer > Personal > Certificates. Locate your newly imported certificate.
   
3. Right-click your certificate, select All Tasks > Export, and follow the wizard to export the certificate as .cer file. Do not export the private key.
   
5. Add the Certificate to Trusted Root:
   
1. In the left pane, expand Certificates > Trusted Root Certification Authorities > Certificates.
   
2. Right-click Certificates, select All Tasks > Import.
   
3. Follow the wizard to import the .cer file you just exported.

To verify the certificate installation:

1. In the MMC console verify that your certificate is listed under both Personal and Trusted Root Certification Authorities.
   
2. In your browser navigate to your site. For example: https://10.0.0.10.
   
3. If the set up was correct, the site loads without SSL warnings.