Click here to Skip to main content
11,929,283 members (59,741 online)
Click here to Skip to main content
Add your own
alternative version

Tagged as


6 bookmarked

SSL MakeCert / pvk2pfx & Client & Server Certificate Generation

, 20 Feb 2011 CPOL
Rate this:
Please Sign up or sign in to vote.
Create a full suite of SSL certificate for development purposes
I've not seen all of this pulled together in one place and on my current project, I have a need for solid SSL testing during dev so needed to nail this once and for all. I hope you find this useful!

To make a test CA (Certificate Authority), you can use the following command:

makecert -r -pe -n “CN=AdventureWorksTestCA” -sr CurrentUser -a sha1 -sky signature -cy authority -sv AdventureWorksTestCA.pvk AdventureWorksTestCA.cer

To make a test server authentication certificate:
makecert -pe -n “CN=AdventureWorksTestServer” -a sha1 -sky exchange -eku -ic AdventureWorksTestCA.cer -iv AdventureWorksTestCA.pvk -sv AdventureWorksTestServer.pvk AdventureWorksTestServer.cer

To make a test client authentication certificate:
makecert -pe -n “CN=AdventureWorksTestClient” -a sha1 -sky exchange -eku -ic AdventureWorksTestCA.cer -iv AdventureWorksTestCA.pvk -sv AdventureWorksTestClient.pvk AdventureWorksTestClient.cer

Then to export the PFX files for both certificates:
pvk2pfx -pvk AdventureWorksTestServer.pvk -spc AdventureWorksTestServer.cer -pfx AdventureWorksTestServer.pfx
pvk2pfx -pvk AdventureWorksTestClient.pvk -spc AdventureWorksTestClient.cer -pfx AdventureWorksTestClient.pfx

Now once you have your certificates created, you need to import them into your certificate store. Start with the CA certificate, double click the .cer file and click on the [install certificate] button. Once the dialog box opens, make sure you import this certificate into the “Trusted Root Certification Authorities” store. This is critical to ensure the other certificates are correctly chained up to a trusted root.

Once this CA is installed, you can simply go through the same process with the client and server certificates and allow them to simply import into their default location (don’t manually specify the store during import). The client/server certs will import themselves into the Current User - Personal certificate store.

Now, you should be all set-up with a CA/Server/Client certs ready for dev work.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Chief Technology Officer JamSoft
United Kingdom United Kingdom
Developer and en

You may also be interested in...

Comments and Discussions

Questiondifficulty with remote server Pin
EdwardH200913-Dec-13 12:22
memberEdwardH200913-Dec-13 12:22 
AnswerRe: difficulty with remote server Pin
Jammer25-Feb-14 4:15
memberJammer25-Feb-14 4:15 
GeneralMy vote of 5 Pin
MTM99911-Oct-12 23:38
memberMTM99911-Oct-12 23:38 
GeneralMany thanks! Pin
Jammer24-Feb-11 9:46
memberJammer24-Feb-11 9:46 
GeneralReason for my vote of 5 actually it is a good set of comman... Pin
Member 432084424-Feb-11 8:42
memberMember 432084424-Feb-11 8:42 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.151126.1 | Last Updated 20 Feb 2011
Article Copyright 2011 by Jammer
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid