MakeCert: Difference between revisions

From WikiWiki

Latest revision as of 17:37, 10 July 2015

root and sub

makecert -pe -n "CN=ROOT" -ss my -sr LocalMachine -a sha1 -sky signature -r "Root CA"
makecert -pe -n "CN=HOSTNAME" -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in "ROOT" -is MY -ir LocalMachine -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "filename.cer"

http://msdn.microsoft.com/en-us/library/ms733813%28v=vs.110%29.aspx

root and sub - powershell code signing

makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root.cer

http://www.hanselman.com/blog/SigningPowerShellScripts.aspx


See also: Sign a Powershell script (on the Powershell page)

pfx

If you want to create your own PFX file with your personal information, you have to complete these two steps:

Create your public and private keys (you will be prompted to define the private key's password):

makecert.exe -sv MyKey.pvk -n "CN=.NET Ready!!!" MyKey.cer

Create your PFX file from the public and private key:

pvk2pfx.exe -pvk MyKey.pvk -spc MyKey.cer -pfx MyPFX.pfx -po toto


makecert

C:\Users\lennert\SkyDrive\epic_tooltjes>makecert.exe -!
Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Extended Options
 -tbs <file>         Certificate or CRL file to be signed
 -sc  <file>         Subject's certificate file
 -sv  <pvkFile>      Subject's PVK file; To be created if not present
 -ic  <file>         Issuer's certificate file
 -ik  <keyName>      Issuer's key container name
 -iv  <pvkFile>      Issuer's PVK file
 -is  <store>        Issuer's certificate store name.
 -ir  <location>     Issuer's certificate store location
                        <CurrentUser|LocalMachine>.  Default to 'CurrentUser'
 -in  <name>         Issuer's certificate common name.(eg: Fred Dews)
 -a   <algorithm>    The signature algorithm
                        <md5|sha1|sha256|sha384|sha512>.  Default to 'sha1'
 -ip  <provider>     Issuer's CryptoAPI provider's name
 -iy  <type>         Issuer's CryptoAPI provider's type
 -sp  <provider>     Subject's CryptoAPI provider's name
 -sy  <type>         Subject's CryptoAPI provider's type
 -iky <keytype>      Issuer key type
                        <signature|exchange|<integer>>.
 -sky <keytype>      Subject key type
                        <signature|exchange|<integer>>.
 -l   <link>         Link to the policy information (such as a URL)
 -cy  <certType>     Certificate types
                        <end|authority>
 -b   <mm/dd/yyyy>   Start of the validity period; default to now.
 -m   <number>       The number of months for the cert validity period
 -e   <mm/dd/yyyy>   End of validity period; defaults to 2039
 -h   <number>       Max height of the tree below this cert
 -len <number>       Generated Key Length (Bits)
 -r                  Create a self signed certificate
 -nscp               Include Netscape client auth extension
 -crl                Generate a CRL instead of a certificate
 -eku <oid[<,oid>]>  Comma separated enhanced key usage OIDs
 -?                  Return a list of basic options
 -!                  Return a list of extended options
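
A read-only audit of what the switches above produce, as an added example that is not part of the original page: for each certificate in a store it reports the signature hash (`-a`), the EKU OIDs (`-eku`), the RSA key size (`-len`) and the chain status. The function name `Get-CertAudit`, the store path and the subject filter are assumptions.

```powershell
# Added example (not from the original page): inspect certificates in a store
# for the properties that the makecert switches -a, -eku, -len and -in control.
# Assumptions: Get-CertAudit is a hypothetical name; the store path and the
# subject filter are placeholders to adjust.
function Get-CertAudit {
    param(
        [string]$StorePath   = 'Cert:\LocalMachine\My',
        [string]$SubjectLike = '*'
    )
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -like $SubjectLike } |
        ForEach-Object {
            $cert = $_
            # EKU OIDs as written by -eku (an empty list means no EKU restriction)
            $eku = $cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
                ForEach-Object { $_.EnhancedKeyUsages | ForEach-Object { $_.Value } }
            # RSA public key size as set by -len ($null for non-RSA keys)
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            # Build the chain without revocation checks: a test CA publishes no CRL
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
            $chain.ChainPolicy.RevocationMode =
                [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
            $trusted = $chain.Build($cert)
            $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            $sigAlg  = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA, sha256RSA
            [pscustomobject]@{
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                SelfSigned    = ($cert.Subject -eq $cert.Issuer)
                SignatureAlg  = $sigAlg
                WeakHash      = ($sigAlg -match '^(md5|sha1)')
                KeyBits       = if ($rsa) { $rsa.KeySize } else { $null }
                EKU           = ($eku -join ',')
                HasPrivateKey = $cert.HasPrivateKey
                NotAfter      = $cert.NotAfter
                ChainTrusted  = $trusted
                ChainStatus   = $status
            }
        }
}

# Example call: the server certificate from the "root and sub" section
Get-CertAudit -SubjectLike 'CN=HOSTNAME*' | Format-List
```

Certificates made with `-a sha1` show WeakHash = True, and a root that exists only in the `my` store is not a trust anchor, so ChainTrusted is False for the certificates it issued.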