How to issue a self-signed certificate

To have a properly working SSL web site you have to assign a SSL certificate to it. A real one costs real money. Easily especially for development to issue a self-signed one.

To create certificates I will use MakeCert.exe that is shipped with Windows SDK (usual path is %ProgramFiles%Microsoft SDKsWindowsv7.1ABin).

First step: create a certificate at TempCA.cer with subject name CA=TempCA with private key kept in TempCA.pvk:

makecert -n "CN=TempCA" -r -sv TempCA.pvk TempCA.cer

Second step: create a certificate at SignedByCA.cer in container SignedByCA with subject name (probably should correspond to the web site address) signed by root authority certificate TempCA.cer with private key at TempCA.pvk and save it into the store named My for CurrentUser:

makecert -sk SignedByCA -n "" -iv TempCA.pvk -ic TempCA.cer SignedByCA.cer -sr CurrentUser -ss My

Third step: generate Personal Information Exchange (.pfx) file at TempCA.pfx from certificate TempCA.cert and private key TempCA.pvk (with no password):

Pvk2Pfx -pvk TempCA.pvk -spc TempCA.cer -pfx TempCA.pfx -f

See MSDN for more details.

This entry was posted in Infrastructure and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.