MakeCert: Difference between revisions
Jump to navigation
Jump to search
No edit summary (change visibility) |
No edit summary (change visibility) |
||
Line 5: | Line 5: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
http://msdn.microsoft.com/en-us/library/ms733813%28v=vs.110%29.aspx | http://msdn.microsoft.com/en-us/library/ms733813%28v=vs.110%29.aspx | ||
== root and sub - powershell code signing == | |||
<syntaxhighlight lang="text"> | |||
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine | |||
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer | |||
</syntaxhighlight> | |||
http://www.hanselman.com/blog/SigningPowerShellScripts.aspx | |||
== pfx == | == pfx == |
Revision as of 17:47, 23 January 2015
root and sub
makecert -pe -n "CN=ROOT" -ss my -sr LocalMachine -a sha1 -sky signature -r "Root CA"
makecert -pe -n "CN=HOSTNAME" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "Root CA" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "filename.cer"
http://msdn.microsoft.com/en-us/library/ms733813%28v=vs.110%29.aspx
root and sub - powershell code signing
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer
http://www.hanselman.com/blog/SigningPowerShellScripts.aspx
pfx
If you want to create your own PFX file with your personal information, you have to complete these two steps:
Create your public & private Keys (You will be prompt to define the private key’s password):
makecert.exe -sv MyKey.pvk -n "CN=.NET Ready!!!" MyKey.cer
Create your PFX file from the public and private key
pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po toto
makecert
C:\Users\lennert\SkyDrive\epic_tooltjes>makecert.exe -!
Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Extended Options
-tbs <file> Certificate or CRL file to be signed
-sc <file> Subject's certificate file
-sv <pvkFile> Subject's PVK file; To be created if not present
-ic <file> Issuer's certificate file
-ik <keyName> Issuer's key container name
-iv <pvkFile> Issuer's PVK file
-is <store> Issuer's certificate store name.
-ir <location> Issuer's certificate store location
<CurrentUser|LocalMachine>. Default to 'CurrentUser'
-in <name> Issuer's certificate common name.(eg: Fred Dews)
-a <algorithm> The signature algorithm
<md5|sha1|sha256|sha384|sha512>. Default to 'sha1'
-ip <provider> Issuer's CryptoAPI provider's name
-iy <type> Issuer's CryptoAPI provider's type
-sp <provider> Subject's CryptoAPI provider's name
-sy <type> Subject's CryptoAPI provider's type
-iky <keytype> Issuer key type
<signature|exchange|<integer>>.
-sky <keytype> Subject key type
<signature|exchange|<integer>>.
-l <link> Link to the policy information (such as a URL)
-cy <certType> Certificate types
<end|authority>
-b <mm/dd/yyyy> Start of the validity period; default to now.
-m <number> The number of months for the cert validity period
-e <mm/dd/yyyy> End of validity period; defaults to 2039
-h <number> Max height of the tree below this cert
-len <number> Generated Key Length (Bits)
-r Create a self signed certificate
-nscp Include Netscape client auth extension
-crl Generate a CRL instead of a certificate
-eku <oid[<,oid>]> Comma separated enhanced key usage OIDs
-? Return a list of basic options
-! Return a list of extended options