Thursday, April 17, 2014

How to Create a Self Signing Certificate

PKI/ SSL
by Steven Jordan on 4/16/2014

Take Away:  Use Microsoft Windows and its MakeCert tool to create free SSL certificates.  These custom-made certificates can be added as trusted resources for individual users and computers.  Their primary use is generally for testing purposes, code-signing, and other unique situations. 

Create certificates in three easy steps:
  1. Download MakeCert:  Use the Microsoft tool called MakeCert to generate the certificate.  Microsoft includes MakeCert with their Windows 8 Software and Development Toolkit.

    *Hint, choose the Windows App Certificate Kit to avoid downloading the entire SDK.



    MakeCert is also available for download on my OneDrive.
  2. Create a Certificate and Private Key: 

    a.) Makecert.exe is located in the c:\Windows Kits\8.0\bin\x64 directory by default.  Feel free to copy it to a different location.

    b.) Run makecert.exe with the following extended options: 

    C:\scripts>makecert -n "CN=Self Sign Cert" -a sha256 -eku "1.3.6.1.5.5.7.3.3" -r -sv root.pvk root.cer -ss root -sr localmachine

    N.B., -n=Subject Name; -a=digest algorithm; -eku=Enhanced Key Usage, OID; -r=self signed; -sv= Subject PVK file; -ss=Certificate Store Name; -sr=Certificate store location.

    d.)  The above command requests a new private key password. 



    e.)  The new private key and certificate file are located in the same directory as the Makecert application.
  3. Pair the Certificate and Private Key:

    a.) Run the following command:

    C:\scripts>makecert -pe -n "CN=PowerShell local certificate root" -ss MY -a sha1 -eku "1.3.6.1.5.5.7.3.3" -iv root.pvk - ic root.cer

    b.) The above command requests the private key password.



    c.) The certificate pair automatically imports into the Windows Certificate Store.  This is confirmed using the MMC Certificate Snap-In.

    Start → MMC → Add/Remove Snap-In → Certificates → Personal 



That's It!

References:

http://blogs.msdn.com/b/kaushal/archive/2013/06/13/working-with-wild-card-certificates.aspx
http://kreelbits.blogspot.com/2013/09/deploying-signed-powershell-scripts-in.html
http://technet.microsoft.com/en-us/magazine/2008.04.powershell.aspx

at

No comments:

Post a Comment