Create a. pfx format digital certificate that is signed for a ClickOnce manifest

Source: Internet
Author: User
Tags sha1

The. PFX digital certificate is created automatically by using VS2005. The default validity period is only one year, and "Issuer", "issued to" is a combination of the current machine name and the current login username, in fact we can create a more friendly. PFX digital certificate.

To open the SDK command prompt for the Microsoft. NET Framework, follow these steps:

1. Create a self-signed X.509 certificate (. cer) and a. pvk private key file, using the MakeCert tool, which commands the following:

Makecert-r-N "cn=cncxz"-B 01/01/2005-e 01/01/2018-sv myselfname.pvk myselfname.cer

The following command generates a 2048-bit encryption algorithm for Azuremgr.cloudapp.net SSL access for this domain, and specifies a certificate of storage location:

Makecert-r-N "cn=azuremgr.cloudapp.net"-B 01/01/2012-e 01/01/2030-a sha1-len 2048-ss ca-sr localmachine-sv Azure MGRTOOL.PVK Azuremgrtool.cer

Set the private key password (or no password) at the prompt to generate related files in the current directory

2. Create the Publisher certificate (. spc) using the X.509 certificate (. cer), and use the CERT2SPC tool, which commands the following:

CERT2SPC Myselfname.cer MYSELFNAME.SPC

3, from the. pvk and. spc format into a. pfx format, using the Pvkimprt tool, commands are as follows:

PVKIMPRT-PFX MYSELFNAME.SPC myselfname.pvk

Follow the prompts to export the. PFX certificate, if you set the private key password in step 1th, enter validation here

4. Click "Select from File" to navigate to the. PFX certificate set up in step 3rd of the certificate settings for the ClickOnce manifest signature of the VS project, where you need to verify the certificate private key password set in step 3rd.

=================================================
MakeCert tools and CERT2SPC tools. NET Framework with, PVKIMPRT tool download address as follows
Http://download.microsoft.com/download/vba50/Utility/1.0/NT5/EN-US/pvkimprt.exe

How to use the MakeCert command:

Command format: makecert [options] Outputcertificatefile

Test the name of the. cer file to write to the X.509 certificate.

Basic Options

Options Description

- N x509name

Specifies the certificate name for the topic. This name must conform to the X.500 standard. The easiest way to do this is to specify the name in double quotes and prefix cn=; for example, "Cn=myname".

-pe

Marks the generated private key as exportable. This allows the private key to be included in the certificate.

-sk KeyName

Specifies the location of the key container for the topic, which contains the private key. If the key container does not exist, the system creates one.

-SR Location

Specifies the certificate store location for the topic. Location can be currentuser(default) or localmachine.

-ss Store

Specifies the certificate store name for the subject, where the output certificate is stored.

-# Number

Specifies a serial number between 1 and 2,147,483,647. The default value is the unique value generated by Makecert.exe.

-$ Authority

Specifies the signing permissions for the certificate, which must be set to commercial(for certificates used by commercial software publishers) or individual(for certificates used by personal software publishers).

-?

Displays a list of command syntax and basic options for this tool.

-!

Displays a list of command syntax and extended options for this tool.

Extended options
Options Description

-A algorithm

Specifies the signature algorithm. Must be MD5(default) or SHA1.

- b mm/dd/yyyy

Specifies the start time of the validity period. The default is the date the certificate was created.

-cy Certtype

Specifies the certificate type. Valid values are end (for final entities) and Authority(for certification authorities).

- D Name

Displays the name of the topic.

- e mm/dd/yyyy

Specifies the end time of the validity period. The default is 12/31/2039 11:59:59 GMT.

-eku Oid[,oid]

Inserts a comma-delimited, enhanced Key Usage object identifier (OID) list into the certificate.

- H number

Specifies the maximum height of the tree below this certificate.

-ic File

Specifies the issuer's certificate file.

-ik KeyName

Specifies the issuer's key container name.

-iky KeyType

Specifies the issuer's key type, which must be signature,Exchange , or an integer representing the provider type. By default, you can pass in 1 to exchange the key, and incoming 2 to represent the signing key.

-in Name

Specifies the certificate common name of the issuer.

-ip Provider

Specifies the CryptoAPI provider name for the issuer.

-ir Location

Specifies the certificate store location for the issuer. Location can be currentuser(default) or localmachine.

-is Store

Specifies the certificate store name of the issuer.

-iv Pvkfile

Specifies the issuer's. pvk private key file.

-iy Pvkfile

Specifies the CryptoAPI provider type for the issuer.

- L Link

Links to policy information (for example, a URL).

- m number

Specifies the duration of the certificate's validity period in months.

-NSCP

Includes Netscape client authentication extensions.

- R

Create a self-signed certificate.

-sc File

Specifies the certificate file for the topic.

-sky KeyType

Specifies the key type of the subject, which must be signature,Exchange , or an integer representing the provider type. By default, you can pass in 1 to exchange the key, and incoming 2 to represent the signing key.

-SP Provider

Specifies the CryptoAPI provider name for the topic.

-SV Pvkfile

Specifies the. pvk private key file for the subject. If the file does not exist, the system will create one.

-sy Type

Specifies the CryptoAPI provider type for the topic.

Example

The following command creates a test certificate issued by the default test root and writes it to the Testcert.cer. Copy

MakeCert Testcert.cer

The following command creates a certificate issued by the default test root and saves it to the certificate store. Copy

Makecert-ss Testcertstore

The following command creates a certificate issued by the default test root and saves it to the certificate store. It explicitly places the certificate into the CurrentUser store. Copy

Makecert-ss TESTCERTSTORE-SR CurrentUser

The following command creates a test certificate and writes it to Textxyz.cer using the subject's key container and the X.500 name of the certificate subject. Copy

Makecert-sk xyz-n "cn=xyz Company" Testxyz.cer 

The following command creates a certificate and a. pvk file issued by the default test root and prints the certificate to both the store and the file. Copy

MAKECERT-SV Testcert.pvk-ss Testcertstore Testcert.cer

The following command creates a certificate and a key container issued by the default test root and prints the certificate to both the store and the file. Copy

Makecert-sk Mytestkey-ss Testcertstore Testcert.cer

The following command creates a self-signed certificate, specifies the user name "CN=XYZ Company", specifies the start and end time of the validity period, places the key in the My store, assigns and swaps the key, and makes the private key exportable. Copy

Makecert-r-pe-n "cn=xyz Company"-B 01/01/2005-e 01/01/2010-sky Exchange-ss my

The following command creates some certificates and saves them to the storage area. The first command creates a certificate using the default test root and saves it to the store. The second command creates another certificate using the newly created certificate and saves the second certificate to another store. Copy

Makecert-sk mytestkey-ss testcertstore
makecert-is testcertstore-ss anotherteststore

The following command creates some certificates and saves them to the storage area. The first command saves the certificate to the My store. The second command creates another certificate with the newly created certificate. Because there are multiple certificates in the My store, the second command uses a common name to identify the first certificate. Copy

Makecert-sk mytestkey-n "Cn=xxzzyy"-ss my
makecert-is my-in "Xxzzyy"-ss Anotherteststore

The following command creates some certificates and saves them to a file and storage area. The first command creates a certificate using the default test root and saves it to the My store and a file. The second command creates another certificate using the newly created Testcert.cer certificate. Because there are multiple certificates in the My store, the second command uniquely identifies the first certificate using the certificate file name. Copy

Makecert-sk mytestkey-n "Cn=xxzzyy"-ss my testcert.cer makecert-is my-ic testcert.cer-ss anotherTestStore

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.