The. PFX digital certificate is created automatically by using VS2005. The default validity period is only one year, and "Issuer", "issued to" is a combination of the current machine name and the current login username, in fact we can create a more friendly. PFX digital certificate.
To open the SDK command prompt for the Microsoft. NET Framework, follow these steps:
1. Create a self-signed X.509 certificate (. cer) and a. pvk private key file, using the MakeCert tool, which commands the following:
Makecert-r-N "cn=cncxz"-B 01/01/2005-e 01/01/2018-sv myselfname.pvk myselfname.cer
The following command generates a 2048-bit encryption algorithm for Azuremgr.cloudapp.net SSL access for this domain, and specifies a certificate of storage location:
Makecert-r-N "cn=azuremgr.cloudapp.net"-B 01/01/2012-e 01/01/2030-a sha1-len 2048-ss ca-sr localmachine-sv Azure MGRTOOL.PVK Azuremgrtool.cer
Set the private key password (or no password) at the prompt to generate related files in the current directory
2. Create the Publisher certificate (. spc) using the X.509 certificate (. cer), and use the CERT2SPC tool, which commands the following:
CERT2SPC Myselfname.cer MYSELFNAME.SPC
3, from the. pvk and. spc format into a. pfx format, using the Pvkimprt tool, commands are as follows:
PVKIMPRT-PFX MYSELFNAME.SPC myselfname.pvk
Follow the prompts to export the. PFX certificate, if you set the private key password in step 1th, enter validation here
4. Click "Select from File" to navigate to the. PFX certificate set up in step 3rd of the certificate settings for the ClickOnce manifest signature of the VS project, where you need to verify the certificate private key password set in step 3rd.
=================================================
MakeCert tools and CERT2SPC tools. NET Framework with, PVKIMPRT tool download address as follows
Http://download.microsoft.com/download/vba50/Utility/1.0/NT5/EN-US/pvkimprt.exe
How to use the MakeCert command:
Command format: makecert [options] Outputcertificatefile
Test the name of the. cer file to write to the X.509 certificate.
Basic Options
Options |
Description |
- N x509name |
Specifies the certificate name for the topic. This name must conform to the X.500 standard. The easiest way to do this is to specify the name in double quotes and prefix cn=; for example, "Cn=myname". |
-pe |
Marks the generated private key as exportable. This allows the private key to be included in the certificate. |
-sk KeyName |
Specifies the location of the key container for the topic, which contains the private key. If the key container does not exist, the system creates one. |
-SR Location |
Specifies the certificate store location for the topic. Location can be currentuser(default) or localmachine. |
-ss Store |
Specifies the certificate store name for the subject, where the output certificate is stored. |
-# Number |
Specifies a serial number between 1 and 2,147,483,647. The default value is the unique value generated by Makecert.exe. |
-$ Authority |
Specifies the signing permissions for the certificate, which must be set to commercial(for certificates used by commercial software publishers) or individual(for certificates used by personal software publishers). |
-? |
Displays a list of command syntax and basic options for this tool. |
-! |
Displays a list of command syntax and extended options for this tool. |
Extended options
Options |
Description |
-A algorithm |
Specifies the signature algorithm. Must be MD5(default) or SHA1. |
- b mm/dd/yyyy |
Specifies the start time of the validity period. The default is the date the certificate was created. |
-cy Certtype |
Specifies the certificate type. Valid values are end (for final entities) and Authority(for certification authorities). |
- D Name |
Displays the name of the topic. |
- e mm/dd/yyyy |
Specifies the end time of the validity period. The default is 12/31/2039 11:59:59 GMT. |
-eku Oid[,oid] |
Inserts a comma-delimited, enhanced Key Usage object identifier (OID) list into the certificate. |
- H number |
Specifies the maximum height of the tree below this certificate. |
-ic File |
Specifies the issuer's certificate file. |
-ik KeyName |
Specifies the issuer's key container name. |
-iky KeyType |
Specifies the issuer's key type, which must be signature,Exchange , or an integer representing the provider type. By default, you can pass in 1 to exchange the key, and incoming 2 to represent the signing key. |
-in Name |
Specifies the certificate common name of the issuer. |
-ip Provider |
Specifies the CryptoAPI provider name for the issuer. |
-ir Location |
Specifies the certificate store location for the issuer. Location can be currentuser(default) or localmachine. |
-is Store |
Specifies the certificate store name of the issuer. |
-iv Pvkfile |
Specifies the issuer's. pvk private key file. |
-iy Pvkfile |
Specifies the CryptoAPI provider type for the issuer. |
- L Link |
Links to policy information (for example, a URL). |
- m number |
Specifies the duration of the certificate's validity period in months. |
-NSCP |
Includes Netscape client authentication extensions. |
- R |
Create a self-signed certificate. |
-sc File |
Specifies the certificate file for the topic. |
-sky KeyType |
Specifies the key type of the subject, which must be signature,Exchange , or an integer representing the provider type. By default, you can pass in 1 to exchange the key, and incoming 2 to represent the signing key. |
-SP Provider |
Specifies the CryptoAPI provider name for the topic. |
-SV Pvkfile |
Specifies the. pvk private key file for the subject. If the file does not exist, the system will create one. |
-sy Type |
Specifies the CryptoAPI provider type for the topic. |
Example
The following command creates a test certificate issued by the default test root and writes it to the Testcert.cer. Copy
MakeCert Testcert.cer
The following command creates a certificate issued by the default test root and saves it to the certificate store. Copy
Makecert-ss Testcertstore
The following command creates a certificate issued by the default test root and saves it to the certificate store. It explicitly places the certificate into the CurrentUser store. Copy
Makecert-ss TESTCERTSTORE-SR CurrentUser
The following command creates a test certificate and writes it to Textxyz.cer using the subject's key container and the X.500 name of the certificate subject. Copy
Makecert-sk xyz-n "cn=xyz Company" Testxyz.cer
The following command creates a certificate and a. pvk file issued by the default test root and prints the certificate to both the store and the file. Copy
MAKECERT-SV Testcert.pvk-ss Testcertstore Testcert.cer
The following command creates a certificate and a key container issued by the default test root and prints the certificate to both the store and the file. Copy
Makecert-sk Mytestkey-ss Testcertstore Testcert.cer
The following command creates a self-signed certificate, specifies the user name "CN=XYZ Company", specifies the start and end time of the validity period, places the key in the My store, assigns and swaps the key, and makes the private key exportable. Copy
Makecert-r-pe-n "cn=xyz Company"-B 01/01/2005-e 01/01/2010-sky Exchange-ss my
The following command creates some certificates and saves them to the storage area. The first command creates a certificate using the default test root and saves it to the store. The second command creates another certificate using the newly created certificate and saves the second certificate to another store. Copy
Makecert-sk mytestkey-ss testcertstore
makecert-is testcertstore-ss anotherteststore
The following command creates some certificates and saves them to the storage area. The first command saves the certificate to the My store. The second command creates another certificate with the newly created certificate. Because there are multiple certificates in the My store, the second command uses a common name to identify the first certificate. Copy
Makecert-sk mytestkey-n "Cn=xxzzyy"-ss my
makecert-is my-in "Xxzzyy"-ss Anotherteststore
The following command creates some certificates and saves them to a file and storage area. The first command creates a certificate using the default test root and saves it to the My store and a file. The second command creates another certificate using the newly created Testcert.cer certificate. Because there are multiple certificates in the My store, the second command uniquely identifies the first certificate using the certificate file name. Copy
Makecert-sk mytestkey-n "Cn=xxzzyy"-ss my testcert.cer makecert-is my-ic testcert.cer-ss anotherTestStore