Create a. pfx format digital certificate that is signed for a ClickOnce manifest

The. PFX digital certificate is created automatically by using VS2005. The default validity period is only one year, and "Issuer", "issued to" is a combination of the current machine name and the current login username, in fact we can create a more friendly. PFX digital certificate.

To open the SDK command prompt for the Microsoft. NET Framework, follow these steps:

1. Create a self-signed X.509 certificate (. cer) and a. pvk private key file, using the MakeCert tool, which commands the following:

Makecert-r-N "cn=cncxz"-B 01/01/2005-e 01/01/2018-sv myselfname.pvk myselfname.cer

The following command generates a 2048-bit encryption algorithm for Azuremgr.cloudapp.net SSL access for this domain, and specifies a certificate of storage location:

Makecert-r-N "cn=azuremgr.cloudapp.net"-B 01/01/2012-e 01/01/2030-a sha1-len 2048-ss ca-sr localmachine-sv Azure MGRTOOL.PVK Azuremgrtool.cer

Set the private key password (or no password) at the prompt to generate related files in the current directory

2. Create the Publisher certificate (. spc) using the X.509 certificate (. cer), and use the CERT2SPC tool, which commands the following:

CERT2SPC Myselfname.cer MYSELFNAME.SPC

3, from the. pvk and. spc format into a. pfx format, using the Pvkimprt tool, commands are as follows:

PVKIMPRT-PFX MYSELFNAME.SPC myselfname.pvk

Follow the prompts to export the. PFX certificate, if you set the private key password in step 1th, enter validation here

4. Click "Select from File" to navigate to the. PFX certificate set up in step 3rd of the certificate settings for the ClickOnce manifest signature of the VS project, where you need to verify the certificate private key password set in step 3rd.

=================================================
MakeCert tools and CERT2SPC tools. NET Framework with, PVKIMPRT tool download address as follows
Http://download.microsoft.com/download/vba50/Utility/1.0/NT5/EN-US/pvkimprt.exe

How to use the MakeCert command:

Command format: makecert [options] Outputcertificatefile

Test the name of the. cer file to write to the X.509 certificate.

Basic Options

Options	Description
- N x509name	Specifies the certificate name for the topic. This name must conform to the X.500 standard. The easiest way to do this is to specify the name in double quotes and prefix cn=; for example, "Cn=myname".
-pe	Marks the generated private key as exportable. This allows the private key to be included in the certificate.
-sk KeyName	Specifies the location of the key container for the topic, which contains the private key. If the key container does not exist, the system creates one.
-SR Location	Specifies the certificate store location for the topic. Location can be currentuser(default) or localmachine.
-ss Store	Specifies the certificate store name for the subject, where the output certificate is stored.
-# Number	Specifies a serial number between 1 and 2,147,483,647. The default value is the unique value generated by Makecert.exe.
-$ Authority	Specifies the signing permissions for the certificate, which must be set to commercial(for certificates used by commercial software publishers) or individual(for certificates used by personal software publishers).
-?	Displays a list of command syntax and basic options for this tool.
-!	Displays a list of command syntax and extended options for this tool.

Extended options

Options	Description
-A algorithm	Specifies the signature algorithm. Must be MD5(default) or SHA1.
- b mm/dd/yyyy	Specifies the start time of the validity period. The default is the date the certificate was created.
-cy Certtype	Specifies the certificate type. Valid values are end (for final entities) and Authority(for certification authorities).
- D Name	Displays the name of the topic.
- e mm/dd/yyyy	Specifies the end time of the validity period. The default is 12/31/2039 11:59:59 GMT.
-eku Oid[,oid]	Inserts a comma-delimited, enhanced Key Usage object identifier (OID) list into the certificate.
- H number	Specifies the maximum height of the tree below this certificate.
-ic File	Specifies the issuer's certificate file.
-ik KeyName	Specifies the issuer's key container name.
-iky KeyType	Specifies the issuer's key type, which must be signature,Exchange , or an integer representing the provider type. By default, you can pass in 1 to exchange the key, and incoming 2 to represent the signing key.
-in Name	Specifies the certificate common name of the issuer.
-ip Provider	Specifies the CryptoAPI provider name for the issuer.
-ir Location	Specifies the certificate store location for the issuer. Location can be currentuser(default) or localmachine.
-is Store	Specifies the certificate store name of the issuer.
-iv Pvkfile	Specifies the issuer's. pvk private key file.
-iy Pvkfile	Specifies the CryptoAPI provider type for the issuer.
- L Link	Links to policy information (for example, a URL).
- m number	Specifies the duration of the certificate's validity period in months.
-NSCP	Includes Netscape client authentication extensions.
- R	Create a self-signed certificate.
-sc File	Specifies the certificate file for the topic.
-sky KeyType	Specifies the key type of the subject, which must be signature,Exchange , or an integer representing the provider type. By default, you can pass in 1 to exchange the key, and incoming 2 to represent the signing key.
-SP Provider	Specifies the CryptoAPI provider name for the topic.
-SV Pvkfile	Specifies the. pvk private key file for the subject. If the file does not exist, the system will create one.
-sy Type	Specifies the CryptoAPI provider type for the topic.

Example

The following command creates a test certificate issued by the default test root and writes it to the Testcert.cer. Copy

MakeCert Testcert.cer

The following command creates a certificate issued by the default test root and saves it to the certificate store. Copy

Makecert-ss Testcertstore

The following command creates a certificate issued by the default test root and saves it to the certificate store. It explicitly places the certificate into the CurrentUser store. Copy

Makecert-ss TESTCERTSTORE-SR CurrentUser

The following command creates a test certificate and writes it to Textxyz.cer using the subject's key container and the X.500 name of the certificate subject. Copy

Makecert-sk xyz-n "cn=xyz Company" Testxyz.cer 

The following command creates a certificate and a. pvk file issued by the default test root and prints the certificate to both the store and the file. Copy

MAKECERT-SV Testcert.pvk-ss Testcertstore Testcert.cer

The following command creates a certificate and a key container issued by the default test root and prints the certificate to both the store and the file. Copy

Makecert-sk Mytestkey-ss Testcertstore Testcert.cer

The following command creates a self-signed certificate, specifies the user name "CN=XYZ Company", specifies the start and end time of the validity period, places the key in the My store, assigns and swaps the key, and makes the private key exportable. Copy

Makecert-r-pe-n "cn=xyz Company"-B 01/01/2005-e 01/01/2010-sky Exchange-ss my

The following command creates some certificates and saves them to the storage area. The first command creates a certificate using the default test root and saves it to the store. The second command creates another certificate using the newly created certificate and saves the second certificate to another store. Copy

Makecert-sk mytestkey-ss testcertstore
makecert-is testcertstore-ss anotherteststore

The following command creates some certificates and saves them to the storage area. The first command saves the certificate to the My store. The second command creates another certificate with the newly created certificate. Because there are multiple certificates in the My store, the second command uses a common name to identify the first certificate. Copy

Makecert-sk mytestkey-n "Cn=xxzzyy"-ss my
makecert-is my-in "Xxzzyy"-ss Anotherteststore

The following command creates some certificates and saves them to a file and storage area. The first command creates a certificate using the default test root and saves it to the My store and a file. The second command creates another certificate using the newly created Testcert.cer certificate. Because there are multiple certificates in the My store, the second command uniquely identifies the first certificate using the certificate file name. Copy

Makecert-sk mytestkey-n "Cn=xxzzyy"-ss my testcert.cer makecert-is my-ic testcert.cer-ss anotherTestStore