MakeCert: Difference between revisions

From WikiWiki

Revision as of 17:47, 23 January 2015

root and sub

makecert -pe -n "CN=ROOT" -ss my -sr LocalMachine -a sha1 -sky signature -r "Root CA"
makecert -pe -n "CN=HOSTNAME" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1  -in "Root CA" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "filename.cer"

http://msdn.microsoft.com/en-us/library/ms733813%28v=vs.110%29.aspx

root and sub - powershell code signing

makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

http://www.hanselman.com/blog/SigningPowerShellScripts.aspx
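
Using the certificate created by the two commands above, this added PowerShell example (not part of the original page or the linked article) reports the certificate's signature algorithm, signs a script, and confirms that a later edit breaks the signature. The file name signing-demo.ps1 and its contents are constructed for the illustration.

```powershell
# Added example. Assumes the two makecert commands above have been run, so a
# certificate with subject "CN=PowerShell User" and the code-signing EKU
# (1.3.6.1.5.5.7.3.3) sits in Cert:\CurrentUser\My with its private key.
$ErrorActionPreference = 'Stop'

$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Subject -eq 'CN=PowerShell User' -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No usable code-signing certificate for CN=PowerShell User' }

# The -a switch decides how the issuer signed this certificate; the commands
# above ask for sha1, and the makecert help output also lists sha256 and up.
$certAlg = $cert.SignatureAlgorithm.FriendlyName
if ($certAlg -match 'sha1|md5') {
    Write-Warning "Certificate is signed with $certAlg; reissue with -a sha256"
}

# Constructed sample script (hypothetical file name) in a scratch directory.
$script = Join-Path $env:TEMP 'signing-demo.ps1'
Set-Content -Path $script -Value 'Write-Output "hello from a signed script"'

# Sign with a SHA-256 file digest, then read the signature back.
Set-AuthenticodeSignature -FilePath $script -Certificate $cert -HashAlgorithm SHA256 | Out-Null
$signed = Get-AuthenticodeSignature -FilePath $script
"{0}  signer={1}" -f $signed.Status, $signed.SignerCertificate.Subject

# Any edit after signing must invalidate the signature.
$lines = Get-Content -Path $script
$lines[0] = 'Write-Output "modified after signing"'
Set-Content -Path $script -Value $lines
$tampered = Get-AuthenticodeSignature -FilePath $script
"{0}  ({1})" -f $tampered.Status, $tampered.StatusMessage
if ($tampered.Status -ne 'HashMismatch') { throw 'Tampering was not detected' }

Remove-Item $script
```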

pfx

If you want to create your own PFX file with your personal information, you have to complete these two steps:

Create your public and private keys (you will be prompted to define the private key’s password):

makecert.exe -sv MyKey.pvk -n "CN=.NET Ready!!!" MyKey.cer

Create your PFX file from the public and private keys:

pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po toto


makecert

C:\Users\lennert\SkyDrive\epic_tooltjes>makecert.exe -!
Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Extended Options
 -tbs <file>         Certificate or CRL file to be signed
 -sc  <file>         Subject's certificate file
 -sv  <pvkFile>      Subject's PVK file; To be created if not present
 -ic  <file>         Issuer's certificate file
 -ik  <keyName>      Issuer's key container name
 -iv  <pvkFile>      Issuer's PVK file
 -is  <store>        Issuer's certificate store name.
 -ir  <location>     Issuer's certificate store location
                        <CurrentUser|LocalMachine>.  Default to 'CurrentUser'
 -in  <name>         Issuer's certificate common name.(eg: Fred Dews)
 -a   <algorithm>    The signature algorithm
                        <md5|sha1|sha256|sha384|sha512>.  Default to 'sha1'
 -ip  <provider>     Issuer's CryptoAPI provider's name
 -iy  <type>         Issuer's CryptoAPI provider's type
 -sp  <provider>     Subject's CryptoAPI provider's name
 -sy  <type>         Subject's CryptoAPI provider's type
 -iky <keytype>      Issuer key type
                        <signature|exchange|<integer>>.
 -sky <keytype>      Subject key type
                        <signature|exchange|<integer>>.
 -l   <link>         Link to the policy information (such as a URL)
 -cy  <certType>     Certificate types
                        <end|authority>
 -b   <mm/dd/yyyy>   Start of the validity period; default to now.
 -m   <number>       The number of months for the cert validity period
 -e   <mm/dd/yyyy>   End of validity period; defaults to 2039
 -h   <number>       Max height of the tree below this cert
 -len <number>       Generated Key Length (Bits)
 -r                  Create a self signed certificate
 -nscp               Include Netscape client auth extension
 -crl                Generate a CRL instead of a certificate
 -eku <oid[<,oid>]>  Comma separated enhanced key usage OIDs
 -?                  Return a list of basic options
 -!                  Return a list of extended options