Click here to Skip to main content
Click here to Skip to main content

Tagged as

SSL MakeCert / pvk2pfx & Client & Server Certificate Generation

, 20 Feb 2011 CPOL
Rate this:
Please Sign up or sign in to vote.
Create a full suite of SSL certificate for development purposes
I've not seen all of this pulled together in one place and on my current project, I have a need for solid SSL testing during dev so needed to nail this once and for all. I hope you find this useful!
 
To make a test CA (Certificate Authority), you can use the following command:
 
makecert -r -pe -n “CN=AdventureWorksTestCA” -sr CurrentUser -a sha1 -sky signature -cy authority -sv AdventureWorksTestCA.pvk AdventureWorksTestCA.cer
 
To make a test server authentication certificate:
makecert -pe -n “CN=AdventureWorksTestServer” -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic AdventureWorksTestCA.cer -iv AdventureWorksTestCA.pvk -sv AdventureWorksTestServer.pvk AdventureWorksTestServer.cer
 
To make a test client authentication certificate:
makecert -pe -n “CN=AdventureWorksTestClient” -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -ic AdventureWorksTestCA.cer -iv AdventureWorksTestCA.pvk -sv AdventureWorksTestClient.pvk AdventureWorksTestClient.cer
 
Then to export the PFX files for both certificates:
pvk2pfx -pvk AdventureWorksTestServer.pvk -spc AdventureWorksTestServer.cer -pfx AdventureWorksTestServer.pfx
 
pvk2pfx -pvk AdventureWorksTestClient.pvk -spc AdventureWorksTestClient.cer -pfx AdventureWorksTestClient.pfx
 
Now once you have your certificates created, you need to import them into your certificate store. Start with the CA certificate, double click the .cer file and click on the [install certificate] button. Once the dialog box opens, make sure you import this certificate into the “Trusted Root Certification Authorities” store. This is critical to ensure the other certificates are correctly chained up to a trusted root.
 
Once this CA is installed, you can simply go through the same process with the client and server certificates and allow them to simply import into their default location (don’t manually specify the store during import). The client/server certs will import themselves into the Current User - Personal certificate store.
 
Now, you should be all set-up with a CA/Server/Client certs ready for dev work.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Jammer
Chief Technology Officer JamSoft
United Kingdom United Kingdom
Developer and en
Follow on   Twitter

Comments and Discussions

 
Questiondifficulty with remote server PinmemberEdwardH200913-Dec-13 12:22 
AnswerRe: difficulty with remote server PinmemberJammer25-Feb-14 4:15 
GeneralMy vote of 5 PinmemberMTM99911-Oct-12 23:38 
GeneralMany thanks! PinmemberJammer24-Feb-11 9:46 
GeneralReason for my vote of 5 actually it is a good set of comman... PinmemberMember 432084424-Feb-11 8:42 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web02 | 2.8.1411023.1 | Last Updated 20 Feb 2011
Article Copyright 2011 by Jammer
Everything else Copyright © CodeProject, 1999-2014
Layout: fixed | fluid