Monday, July 22, 2013

Create Self Service Certificate for Quality/Test Environment

In order to be able to create a Root Certification Authority and some kind of Child Certificate for test and development environment, you can use Makecert.exe.

These command create:

1- Root CA
makecert -n "CN=My Certificate Root" -a sha1 -r -sv My.pvk MyCA.cer -ss Root -sr localMachine

2 - SSL Binding for IIS
makecert -pe -n "CN=WIN2012VS" -sr LocalMachine -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.1 -iv My.pvk -ic MySSL.cer

3 - Client Cert for IIS Client Authentication
makecert -pe -n "CN=My User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.2 -iv My.pvk -ic MyUser.cer

You can then export pfx of generated Client Cert in order to be able to distribute both Root CA and Client Certificate used for authentication. To do this, use standard Windows Certificate Snap In of MMC.

More info about all available command and switch of Makecert.exe utility please read this article.

Certificate Creation Tool (MSDN)

No comments: