How to Create a Self Signing Certificate

by Steven Jordan on 4/16/2014

Take Away:  Use Microsoft Windows and its MakeCert tool to create free SSL certificates.  These custom-made certificates can be added as trusted resources for individual users and computers.  Their primary use is generally for testing purposes, code-signing, and other unique situations. 

Create certificates in three easy steps:
  1. Download MakeCert:  Use the Microsoft tool called MakeCert to generate the certificate.  Microsoft includes MakeCert with their Windows 8 Software and Development Toolkit.

    *Hint, choose the Windows App Certificate Kit to avoid downloading the entire SDK.

    MakeCert is also available for download on my OneDrive.
  2. Create a Certificate and Private Key: 

    a.) Makecert.exe is located in the c:\Windows Kits\8.0\bin\x64 directory by default.  Feel free to copy it to a different location.

    b.) Run makecert.exe with the following extended options: 

    C:\scripts>makecert -n "CN=Self Sign Cert" -a sha256 -eku "" -r -sv root.pvk root.cer -ss root -sr localmachine

    N.B., -n=Subject Name; -a=digest algorithm; -eku=Enhanced Key Usage, OID; -r=self signed; -sv= Subject PVK file; -ss=Certificate Store Name; -sr=Certificate store location.

    d.)  The above command requests a new private key password. 

    e.)  The new private key and certificate file are located in the same directory as the Makecert application.
  3. Pair the Certificate and Private Key:

    a.) Run the following command:

    C:\scripts>makecert -pe -n "CN=PowerShell local certificate root" -ss MY -a sha1 -eku "" -iv root.pvk - ic root.cer

    b.) The above command requests the private key password.

    c.) The certificate pair automatically imports into the Windows Certificate Store.  This is confirmed using the MMC Certificate Snap-In.

    Start → MMC → Add/Remove Snap-In → Certificates → Personal 

That's It!



Post a Comment

My Instagram