X509 Certificate Generation

Source: Internet
Author: User

X509 Certificate Introduction

The digital certificate standard developed by the International Telecommunication Union (ITU-T), which I believe is well known, is now available in three versions, as far as I know, the. NET uses the concept of the X.509-2,x.509-2 version to introduce the principal and issuer unique identifiers to resolve the subject and/ or the issuer name may be reused after a certain period of time, the X509-2 (hereinafter referred to as X509) certificate consists of two keys, commonly called key pairs, public key cryptography, private key decryption. Today I would like to make an in-depth introduction and understanding of X509, because in the WCF security system, the X509 certificate application is very frequent, or is indispensable.


1, how do I generate a certificate?  

  Use Microsoft-provided Makecert.exe test certificate generation
Now click Start menu-run-enter CMD, run console application, navigate to D:\\cers, enter:makecert-r -pe -$  in console Individual-n "cn=mailsecurity"-sky exchange-sr currentuser-ss my mailsecurity.cer, can be in the current user certificate A X509 certificate named Mailsecurityr is generated in the personal area under the storage area, and the certificate file Mailsecurity.cer is output in the current directory, the following is a brief description of the various parameter meanings, more complex parameters refer to: Certificate creation tool Help

MakeCert Certificate Tool Name

-R indicates that the certificate to be generated is self-signed and gives itself awards (this is primarily the authority)

-pe indicates that the generated private key is marked as exportable. This allows the private key to be included in the certificate

-$ certificate is personal or commercial (individual/commercial) old beauty is to do, this thing with the dollar sign is really very image.

-N indicates the subject of the certificate, and you can just take it as the title, no matter what name you have, you must include the cn= prefix

-sky Specifies the key type of the subject, which must be signature, Exchange, or an integer that represents the provider type. By default, 1 is passed in to represent the interchange key, and 2 for the signing key

-SR the certificate store location for the specified topic. Location can be either CurrentUser (default) or localmachine (it must be a value in both)

-SS the name of the certificate store that specifies the subject, where the output certificate is stored

Mailsecurity.cer certificate name, do not need to be consistent with the theme, but suggest you still good.

X509 Certificate Generation

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.