MakeCert: Difference between revisions
Jump to navigation
Jump to search
No edit summary (change visibility) |
No edit summary (change visibility) |
||
Line 1: | Line 1: | ||
== root and sub == | |||
<syntaxhighlight lang="text"> | <syntaxhighlight lang="text"> | ||
makecert -pe -n "CN=ROOT" -ss my -sr LocalMachine -a sha1 -sky signature -r "Root CA" | makecert -pe -n "CN=ROOT" -ss my -sr LocalMachine -a sha1 -sky signature -r "Root CA" | ||
makecert -pe -n "CN=HOSTNAME" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Root CA" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "filename.cer" | makecert -pe -n "CN=HOSTNAME" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Root CA" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "filename.cer" | ||
</syntaxhighlight> | </syntaxhighlight> | ||
http://msdn.microsoft.com/en-us/library/ms733813%28v=vs.110%29.aspx | |||
== pfx == | |||
If you want to create your own PFX file with your personal information, you have to complete these two steps: | If you want to create your own PFX file with your personal information, you have to complete these two steps: | ||
Line 13: | Line 14: | ||
Create your PFX file from the public and private key | Create your PFX file from the public and private key | ||
pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po toto | pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po toto | ||
== makecert == | |||
<syntaxhighlight lang="text"> | |||
C:\Users\lennert\SkyDrive\epic_tooltjes>makecert.exe -! | |||
Usage: MakeCert [ basic|extended options] [outputCertificateFile] | |||
Extended Options | |||
-tbs <file> Certificate or CRL file to be signed | |||
-sc <file> Subject's certificate file | |||
-sv <pvkFile> Subject's PVK file; To be created if not present | |||
-ic <file> Issuer's certificate file | |||
-ik <keyName> Issuer's key container name | |||
-iv <pvkFile> Issuer's PVK file | |||
-is <store> Issuer's certificate store name. | |||
-ir <location> Issuer's certificate store location | |||
<CurrentUser|LocalMachine>. Default to 'CurrentUser' | |||
-in <name> Issuer's certificate common name.(eg: Fred Dews) | |||
-a <algorithm> The signature algorithm | |||
<md5|sha1|sha256|sha384|sha512>. Default to 'sha1' | |||
-ip <provider> Issuer's CryptoAPI provider's name | |||
-iy <type> Issuer's CryptoAPI provider's type | |||
-sp <provider> Subject's CryptoAPI provider's name | |||
-sy <type> Subject's CryptoAPI provider's type | |||
-iky <keytype> Issuer key type | |||
<signature|exchange|<integer>>. | |||
-sky <keytype> Subject key type | |||
<signature|exchange|<integer>>. | |||
-l <link> Link to the policy information (such as a URL) | |||
-cy <certType> Certificate types | |||
<end|authority> | |||
-b <mm/dd/yyyy> Start of the validity period; default to now. | |||
-m <number> The number of months for the cert validity period | |||
-e <mm/dd/yyyy> End of validity period; defaults to 2039 | |||
-h <number> Max height of the tree below this cert | |||
-len <number> Generated Key Length (Bits) | |||
-r Create a self signed certificate | |||
-nscp Include Netscape client auth extension | |||
-crl Generate a CRL instead of a certificate | |||
-eku <oid[<,oid>]> Comma separated enhanced key usage OIDs | |||
-? Return a list of basic options | |||
-! Return a list of extended options | |||
</syntaxhighlight> |
Revision as of 12:44, 28 May 2014
root and sub
makecert -pe -n "CN=ROOT" -ss my -sr LocalMachine -a sha1 -sky signature -r "Root CA"
makecert -pe -n "CN=HOSTNAME" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Root CA" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "filename.cer"
http://msdn.microsoft.com/en-us/library/ms733813%28v=vs.110%29.aspx
pfx
If you want to create your own PFX file with your personal information, you have to complete these two steps:
Create your public & private Keys (You will be prompt to define the private key’s password):
makecert.exe -sv MyKey.pvk -n "CN=.NET Ready!!!" MyKey.cer
Create your PFX file from the public and private key
pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po toto
makecert
C:\Users\lennert\SkyDrive\epic_tooltjes>makecert.exe -!
Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Extended Options
-tbs <file> Certificate or CRL file to be signed
-sc <file> Subject's certificate file
-sv <pvkFile> Subject's PVK file; To be created if not present
-ic <file> Issuer's certificate file
-ik <keyName> Issuer's key container name
-iv <pvkFile> Issuer's PVK file
-is <store> Issuer's certificate store name.
-ir <location> Issuer's certificate store location
<CurrentUser|LocalMachine>. Default to 'CurrentUser'
-in <name> Issuer's certificate common name.(eg: Fred Dews)
-a <algorithm> The signature algorithm
<md5|sha1|sha256|sha384|sha512>. Default to 'sha1'
-ip <provider> Issuer's CryptoAPI provider's name
-iy <type> Issuer's CryptoAPI provider's type
-sp <provider> Subject's CryptoAPI provider's name
-sy <type> Subject's CryptoAPI provider's type
-iky <keytype> Issuer key type
<signature|exchange|<integer>>.
-sky <keytype> Subject key type
<signature|exchange|<integer>>.
-l <link> Link to the policy information (such as a URL)
-cy <certType> Certificate types
<end|authority>
-b <mm/dd/yyyy> Start of the validity period; default to now.
-m <number> The number of months for the cert validity period
-e <mm/dd/yyyy> End of validity period; defaults to 2039
-h <number> Max height of the tree below this cert
-len <number> Generated Key Length (Bits)
-r Create a self signed certificate
-nscp Include Netscape client auth extension
-crl Generate a CRL instead of a certificate
-eku <oid[<,oid>]> Comma separated enhanced key usage OIDs
-? Return a list of basic options
-! Return a list of extended options