How to use makecert to create personal security certificates ?


The Certificate Creation tool(makecert.exe) is a tool to generate generates X.509 certificates for testing  and development purposes only. It creates a public and private key pair for digital signatures and stores it in a certificate file. This tool also associates the key pair with a specified publisher\’s name and creates an X.509 certificate that binds a user-specified name to the public part of the key pair.

makecert.exe

This tool has set of basic options and set of advance options. Most of the requirements are fulfilled with basic options only.

Option

Description

-n name

Specifies the subject\’s certificate name. This name must conform to the X.500 standard. The simplest method is to specify the name in double quotes, preceded by CN=; for example, -n “CN=myName”.

-pe

Marks the generated private key as exportable. This allows the private key to be included in the certificate.

-sk keyname

Specifies the subject\’s key container location, which contains the private key. If a key container does not exist, it will be created.

-sr location

Specifies the subject\’s certificate store location. location can be either currentuser (the default) or localmachine.

-ss store

Specifies the subject\’s certificate store name that stores the output certificate.

For an example that displays the names of all standard certificate stores found on a local system, see the X509Store.Name property.

-# number

Specifies a serial number from 1 to 2,147,483,647. The default is a unique value generated by Makecert.exe.

-$ authority

Specifies the signing authority of the certificate, which must be set to either commercial (for certificates used by commercial software publishers) orindividual (for certificates used by individual software publishers).

-?

Displays command syntax and a list of basic options for the tool.

-!

Displays command syntax and a list of extended options for the tool.

 

Launch The Visual Studio Developer’s command prompt as Administrator

Most easy command to generate a certificate is

makecert c:testCert.cer

Ans here is complete one

makecert -sk TestKey -pe -ss TestStore -sr CurrentUser -$ individual -n CN=Anupama Prabhakar  c:testCert.cer

Second command have exportable private key. You can find certificate on file location given by you. In my case it is C:.

For complete details the msdn documentation

Ref: http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx