My Certificate Wizard

The Mission

This application aims to ease the job of network admins and their users who are asked to make their X509 certificate request. See the screenshots below and you'll get the entire idea.

The program is intended to be downloaded by various service admins, then bundled to home-brewed installers together with the customized configuration INI file and distributed to the users (e.g. the company VPN users). But of course, to use it, you don't have to be service admin.

Achieved goals are to:
  • have the most of the Distinguished Name prepared and prefilled in the wizard's form by admin,
  • restrict user from giving unallowed input by matching against Extended POSIX Regular Expressions,
  • advice the users what to do by a Welcome text,
  • allow every user interface message customization & localization,
  • provide sometimes handy feature of copying arbitrary files to the output directory,
  • be dynamically configured via the single plain-text INI file,
  • consist of free and simple source code, so any average programmer could modify the behavior and recompile,
  • maintain minimal executable size, so it is easy to download or carry it home,
  • keep the users from the strange black command line and BAT files calling openssl.exe,
  • if you like, consider it a GUI replacement for `openssl.exe req -new' command,
  • simple pure Win32 application, runs everywhere, no big runtime requirements.


This is it. Many things seen on the first picture can be configured to fit the needs of your users or the service for which you need the certificate infrastructure.

My Certificate Wizard - Screenshot 1 My Certificate Wizard - Screenshot 2

Affinity to OpenVPN

This application was originally designed to be used with the wonderful OpenVPN project software, but it became a general-purpose X509 certificate request wizard. It is not functionally tied to OpenVPN, although the OpenVPN users may benefit from the simple feature of automatic customization of the OVPN configuration file.


In case you're willing to use My Certificate Wizard in the environment where security is the matter of extreme importance, then please note, that you stay fully responsible of doing the audit on the code. The author gives you NO WARRANTY of any kind, because you're receiving this program free of charge. The entire risk of using the program is with you. For more information see the license.


Caution: The OpenSSL library version attached here is very old. There were serious security advisories published since last update of MyCert.

Also the MyCert source should undergo a revision to conform possible newer OpenSSL code structure (request.c file specifically).

The author of this program unfortunately has no free resources for more development as he works in a slightly different area now, but is available for sponsored work.

Please consider 0.3.2beta stable, because as per Aug 2008, there are no known (reported) bugs.

Version 0.3.2beta, released 2004-11-17. What have changed?
Version 0.3.1beta, released 2004-11-15.
Version 0.3beta, released 2004-11-09.
Version 0.2beta, released 2004-10-19.
Version 0.1beta, released 2004-10-13.

For security reasons please check the downloaded files consistency to avoid man-in-the-middle attacks. The signed sha1sums file is provided.

One of the following commands (if available) may then be used for the check:
  • sha1sum --check sha1sums.txt
  • sha1sum *
  • openssl(.exe) sha1 *
There are several "parts" of the program:
  • Textual sample configuration file mycert.ini (contains rich comments on every program feature),
  • if you're Czech, you may welcome the sample localized user interface: mycert-cz.ini (more translations are welcome to be published on this site!),
  • for running you'll need the core mycert.exe file (size: 24 KiB),
  • if you are not already having it (may be included e.g. in the software you're supporting by the Wizard, such as OpenVPN), you'll also need compressed libeay32.dll (408KiB, built from openssl-0.9.7d).
The regular expression library is statically linked by default. Because it almost doubles the executable size, there is also the MyCert version without the RegExp support available for your convenience: mycert-non-re.exe (14 KiB). The RegExp oriented options in the INI file will then have no meaning, of course.

Furthermore there is the source package available. Program is written in pure C and released under the open source GNU General Public License. See Please remember that even when you get the source code and therefore technically get control over it, you're are not entitled to do anything you want. Get familiar with the license.


In case this software spared your precious time and/or brought some comfort to your users, you may want to reward its author a bit. Any donation will encourage me to keep producing free handy utilities. Thank you.




Notes On Building

All the necessary tools are free.  If you get the source and want to build the program, you'll need to:
  • get and install the MinGW/MSYS environment ( for Win32,
  • get the OpenSSL header files (, include directory),
  • For regular expressions: you'll need the GNU regex library. I successfully used this package:, follow the instructions included to install it,
  • modify the Makefile to fit your paths if you need to,
  • run make re or make nonre (no regular expression support) from the MSYS console,
  • the program should build without warnings,
  • if you have UPX installed, you may run make dist to compress your EXE file.
Cross-compilation is also possible. See the Makefile.

Caution: You may need to recompile the libeay32.dll library for newer versions of OpenSSL. See the appropriate INSTALL file in the OpenSSL source distribution.


Vlada Macek,, e-m-a-i-l: macek a sandbox d cz, 2004-2008

Available for contract work, click here.

Bug reports, patches, ideas, opinions and thankyou mail is welcome (but more are the donations--above:)! Write me if you have problems using, modifying or building the program. Write me if don't have any problem. :-)

Credits: The development was partially supported by Hieronymus, translation and software localization company.

Valid HTML 4.01!