X509 Certificate Introduction
X.509 is the digital certificate standard developed by the International Telecommunication Union (ITU-T), which I believe is well known. It now exists in three versions. As far as I know, .NET uses the X.509-2 concept: version 2 introduced the subject and issuer unique identifiers to handle the case where a subject and/or issuer name is reused after a certain period of time. An X.509-2 (hereinafter referred to as X509) certificate involves two keys, commonly called a key pair: the public key encrypts and the private key decrypts. Today I would like to give an in-depth introduction to X509, because in the WCF security system X509 certificates are used very frequently, or are even indispensable.
1. How do I generate a certificate?
Use the Microsoft-provided Makecert.exe to generate a test certificate.
Click Start menu > Run, enter CMD to open a console, navigate to D:\cers, and enter:
    makecert -r -pe -$ individual -n "cn=mailsecurity" -sky exchange -sr currentuser -ss my mailsecurity.cer
This generates an X509 certificate named mailsecurity in the Personal area of the current user's certificate store and writes the certificate file mailsecurity.cer to the current directory. The meaning of each parameter is described briefly below; for the more complex parameters, refer to the Certificate Creation Tool help.
makecert: the name of the certificate tool.
-r: indicates that the certificate to be generated is self-signed, that is, issued by itself to itself (this is mainly what an authority does).
-pe: indicates that the generated private key is marked as exportable. This allows the private key to be included in the certificate.
-$: whether the certificate is for individual or commercial use (individual/commercial). Leave it to the Americans: using a dollar sign for this is really quite vivid.
-n: indicates the subject of the certificate; you can think of it as the title. Whatever name you choose, it must include the cn= prefix.
-sky: specifies the key type of the subject, which must be signature, exchange, or an integer that represents the provider type. By default, 1 is passed in to represent the exchange key, and 2 the signature key.
-sr: specifies the certificate store location of the subject. The location can be either currentuser (the default) or localmachine (it must be one of these two values).
-ss: specifies the name of the subject's certificate store, where the output certificate is stored.
mailsecurity.cer: the certificate file name. It does not need to match the subject, but keeping the two consistent is recommended.
X509 Certificate Generation
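A check of what the makecert flags above actually produced, as an added example that is not part of the original article. It assumes Windows PowerShell, that the command was run in D:\cers as described, and uses a constructed throwaway password for the in-memory export test.

```powershell
# Added example: verify the result of the makecert command described above.
$subject = 'CN=mailsecurity'             # value passed to -n
$cerPath = 'D:\cers\mailsecurity.cer'    # output file named on the command line

# -sr currentuser -ss my  ->  Cert:\CurrentUser\My (the "Personal" store)
$cert = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq $subject } |
    Sort-Object -Property NotBefore -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with subject '$subject' in CurrentUser\My" }

# The .cer file holds only the public certificate; the private key stays
# in the key container referenced by the store entry.
$fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath

# -pe: a PFX export succeeds only if the private key is marked exportable.
# The exported bytes are discarded; nothing is written to disk.
$exportable = $false
if ($cert.HasPrivateKey) {
    try {
        $pfxType = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
        $null = $cert.Export($pfxType, 'constructed-test-password')
        $exportable = $true
    } catch [System.Security.Cryptography.CryptographicException] {
        $exportable = $false
    }
}

[pscustomobject]@{
    Thumbprint          = $cert.Thumbprint
    SelfSigned          = ($cert.Subject -eq $cert.Issuer)   # -r (name comparison only)
    StoreHasPrivateKey  = $cert.HasPrivateKey
    PrivateKeyExportable = $exportable                        # -pe
    FileMatchesStore    = ($fileCert.Thumbprint -eq $cert.Thumbprint)
    FileHasPrivateKey   = $fileCert.HasPrivateKey            # a .cer file has none
    NotAfter            = $cert.NotAfter
}
```

Because -pe makes the key exportable, anyone running as the same user can extract it, so a certificate created this way belongs in test environments, as the article says.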