Certificate creation tool (makecert.exe)

.NET Framework tool: Certificate Creation Tool (Makecert.exe)

The Certificate Creation tool generates X.509 certificates for testing purposes only. It creates a public and private key pair for digital signatures and stores it in a certificate file. The tool also associates the key pair with the name of a specified issuer and creates an X.509 certificate that binds a user-specified name to the public part of the key pair.

Makecert.exe has basic options and extended options. Basic options are the ones most commonly used to create a certificate. Extended options provide more flexibility.

Do not store the private keys of certificates generated by this tool in .snk files. To store a private key, use a key container. For more information about how to store private keys in a key container, see How to: Store Asymmetric Keys in a Key Container.

Warning

Use a certificate store to store your certificates securely. The .snk files used by this tool store private keys in an unprotected manner. When you create or import a .snk file, keep it secure while it is in use and remove it when you are finished.

 
makecert [options] outputCertificateFile

Parameter Description

outputCertificateFile

The name of the .cer file to which the test X.509 certificate is written.

Basic options

Option Description

-n x509name

Specifies the subject's certificate name. This name must conform to the X.500 standard. The simplest method is to specify the name in double quotation marks, preceded by CN=; for example, "CN=myName".

-pe

Marks the generated private key as exportable. This allows the private key to be included in the certificate.

-sk keyname

Specifies the location of the subject's key container, which contains the private key. If the key container does not exist, it is created.

-sr location

Specifies the subject's certificate store location. location can be currentuser (the default) or localmachine.

-ss store

Specifies the name of the subject's certificate store, where the output certificate is stored.

-# number

Specifies a serial number between 1 and 2,147,483,647. The default is a unique value generated by makecert.exe.

-$ authority

Specifies the signing authority of the certificate, which must be set to commercial (for certificates used by commercial software publishers) or individual (for certificates used by individual software publishers).

-?

Displays the command syntax and the list of basic options for the tool.

-!

Displays the command syntax and the list of extended options for the tool.

Extended options

Option Description

-a algorithm

Specifies the signature algorithm. Must be md5 (the default) or sha1.

-b mm/dd/yyyy

Specifies the start of the validity period. The default is the certificate's creation date.

-cy certType

Specifies the certificate type. Valid values are end (for an end entity) and authority (for a certification authority).

-d name

The subject's name.

-e mm/dd/yyyy

Specifies the end of the validity period. The default is 12/31/2039 11:59:59 GMT.

-eku oid[,oid]

Inserts a comma-separated list of enhanced key usage object identifiers (OIDs) into the certificate.

-h number

Specifies the maximum height of the tree below this certificate.

-ic file

Specifies the issuer's certificate file.

-ik keyName

Specifies the name of the issuer's key container.

-iky keytype

Specifies the issuer's key type, which must be signature, exchange, or an integer that represents a provider type. By default, pass 1 for an exchange key and 2 for a signature key.

-in name

Specifies the common name of the issuer's certificate.

-ip provider

Specifies the issuer's CryptoAPI provider name.

-ir location

Specifies the issuer's certificate store location. location can be currentuser (the default) or localmachine.

-is store

Specifies the name of the issuer's certificate store.

-iv pvkFile

Specifies the issuer's .pvk private key file.

-iy type

Specifies the issuer's CryptoAPI provider type.

-l link

Links to policy information (for example, a URL).

-m number

Specifies the duration of the certificate validity period, in months.

-nscp

Includes the Netscape client authentication extension.

-r

Creates a self-signed certificate.

-sc file

Specifies the subject's certificate file.

-sky keytype

Specifies the subject's key type, which must be signature, exchange, or an integer that represents a provider type. By default, pass 1 for an exchange key and 2 for a signature key.

-sp provider

Specifies the subject's CryptoAPI provider name.

-sv pvkFile

Specifies the subject's .pvk private key file. If the file does not exist, it is created.

-sy type

Specifies the subject's CryptoAPI provider type.

Example

The following command creates a test certificate issued by the default test root and writes it to testcert.cer.

makecert testcert.cer

The following command creates a certificate issued by the default test root and saves it to a certificate store.

makecert -ss testcertstore

The following command creates a certificate issued by the default test root and saves it to a certificate store. It explicitly places the certificate in the currentuser store location.

makecert -ss testcertstore -sr currentuser

The following command creates a test certificate using the subject's key container and the subject's X.500 name, and writes it to testxyz.cer.

makecert -sk xyz -n "CN=XYZ Company" testxyz.cer

The following command creates a certificate issued by the default test root and a .pvk file, and outputs the certificate to both a store and a file.

makecert -sv testcert.pvk -ss testcertstore testcert.cer

The following command creates a certificate issued by the default test root and a key container, and outputs the certificate to both a store and a file.

makecert -sk mytestkey -ss testcertstore testcert.cer

The following command creates a self-signed certificate, specifies a subject name of "CN=XYZ Company", specifies the start and end of the validity period, places the key in the my store, specifies an exchange key, and makes the private key exportable.

makecert -r -pe -n "CN=XYZ Company" -b 01/01/2005 -e 01/01/2010 -sky exchange -ss my

The following commands create certificates and save them to stores. The first command creates a certificate using the default test root and saves it to a store. The second command creates another certificate using the newly created certificate as its issuer and saves the second certificate to another store.

makecert -sk mytestkey -ss testcertstore
makecert -is testcertstore -ss anotherteststore

The following commands create certificates and save them to stores. The first command saves the certificate to the my store. The second command creates another certificate using the newly created certificate as its issuer. Because the my store contains more than one certificate, the second command identifies the first certificate by its common name.

makecert -sk mytestkey -n "CN=xxzzyy" -ss my
makecert -is my -in "xxzzyy" -ss anotherteststore

The following commands create certificates and save them to files and stores. The first command creates a certificate using the default test root and saves it to the my store and to a file. The second command creates another certificate using the newly created testcert.cer certificate as its issuer. Because the my store contains more than one certificate, the second command uses the certificate file name to uniquely identify the first certificate.

makecert -sk mytestkey -n "CN=xxzzyy" -ss my testcert.cer
makecert -is my -ic testcert.cer -ss anotherteststore
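
Because the tool is for testing only, it is worth checking that its output has not been left in a machine's certificate stores. The PowerShell function below is an added example, not part of the original tool documentation: it reports certificates that show the defaults described above (default test root as issuer, MD5 or SHA-1 signature, 12/31/2039 end date). It assumes the default test root's subject name is "Root Agency", which this page does not state; the function name is hypothetical.

```powershell
# Added example: list certificates in the Windows certificate stores that
# carry the fingerprints of makecert.exe test output.
# Assumption: 'Root Agency' is the subject name of makecert's default test root.
function Find-MakecertTestCertificate {
    [CmdletBinding()]
    param(
        # Store locations to scan; these match the -sr values currentuser / localmachine.
        [string[]] $StorePath = @('Cert:\CurrentUser', 'Cert:\LocalMachine')
    )

    # Signature algorithm OIDs that -a can produce: md5 (default) and sha1, both with RSA.
    $weakAlgorithms = @{
        '1.2.840.113549.1.1.4' = 'md5RSA'
        '1.2.840.113549.1.1.5' = 'sha1RSA'
    }

    Get-ChildItem -Path $StorePath -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            $reasons = @()

            if ($cert.Issuer -match '(^|,\s*)CN=Root Agency(,|$)') {
                $reasons += 'issued by the default test root'
            }
            $oid = $cert.SignatureAlgorithm.Value
            if ($weakAlgorithms.ContainsKey($oid)) {
                $reasons += "signed with $($weakAlgorithms[$oid])"
            }
            # Default -e value documented above: 12/31/2039 11:59:59 GMT.
            $end = $cert.NotAfter.ToUniversalTime()
            if ($end.Year -eq 2039 -and $end.Month -eq 12 -and $end.Day -eq 31) {
                $reasons += 'default end date 12/31/2039'
            }

            # A lone SHA-1 signature is common on old roots, so require the test
            # root as issuer or at least two indicators before reporting.
            if ($reasons -contains 'issued by the default test root' -or $reasons.Count -ge 2) {
                [pscustomobject]@{
                    Store         = $cert.PSParentPath -replace '^.*::', ''
                    Subject       = $cert.Subject
                    Thumbprint    = $cert.Thumbprint
                    HasPrivateKey = $cert.HasPrivateKey
                    Reasons       = $reasons -join '; '
                }
            }
        }
}

Find-MakecertTestCertificate | Sort-Object Store | Format-Table -AutoSize -Wrap
```

Rows with HasPrivateKey set to True deserve the closest look, since the matching key sits in a key container on the same machine.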
