Generate an SSL web certificate in .NET

Source: Internet
Author: User
After a certificate is added to a site, the site is accessed over https://, but you first have to obtain the certificate. You can obtain the certificate required for SSL communication from an Internet-based certificate authority, such as Verisign.
However, for testing, you can use the tool named MakeCert.exe to create a test certificate. MakeCert.exe ships with the Microsoft .NET Framework SDK (the path is F:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin). MakeCert.exe can also be obtained from the Platform SDK. MakeCert.exe creates an X.509 certificate. It creates a public and private key pair for digital signatures and stores it in the certificate file. The tool also associates the key pair with a specified publisher name and creates an X.509 certificate that binds the name specified by the user to the public part of the key pair.

To create an SSL certificate for the server whose host name is MyWebServer, run MakeCert with the following options (typed as a single command line):

makecert -r -pe -n "CN=MyWebServer" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

Command-line switches

-r

Creates a self-signed certificate, that is, one that is not signed by a certificate authority. Because it is not signed by a certificate authority, it can be used for the encryption required by SSL, but cannot be used for server authentication.

-n

Specifies the server name. The name must comply with the X.500 standard. The simplest way is to put the name in double quotation marks and prefix it with CN=.

-eku

Adds a comma-separated list of enhanced key usage object identifiers (OIDs) to the certificate. For SQL Server 2005, a valid SSL certificate requires the Server Authentication OID, 1.3.6.1.5.5.7.3.1 (szOID_PKIX_KP_SERVER_AUTH).

-ss

Specifies the certificate store in which the created certificate is saved. Although you can save the certificate to any store, we recommend that you save it in the my store.

-sr

Specifies the certificate store location. The location can be either currentuser (the default) or localmachine. Because this certificate is created for a service, it should be placed in the local machine location.

-sky

Specifies the certificate key type. The value of this switch must be signature, exchange, or an integer (for example, 4). For the RSA public key exchange algorithm, the value must be exchange. This is the key type used to encrypt and decrypt session keys.

-sp

Specifies the name of the CryptoAPI provider. For a certificate created for SQL Server, you can set it to Microsoft RSA SChannel Cryptographic Provider.

-sy

Specifies the type of the CryptoAPI provider. If the provider is Microsoft RSA SChannel Cryptographic Provider, the value of this switch is 12.

Other command-line switches

-b

Specifies the start of the certificate validity period in mm/dd/yyyy format. The default value is the certificate creation date.

-e

Specifies the end of the certificate validity period in mm/dd/yyyy format. If it is omitted, the default value is 12/31/2039 11:59:59 GMT.

Example

The following example creates a certificate with MakeCert using the additional options (typed as a single command line):

makecert -r -pe -n "CN=WebServerName" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

After creating a certificate, you can obtain the certificate hash from the Certificates MMC snap-in or with a tool such as CertUtil. You can use CertUtil to list the certificate you just created.

C:\> certutil -store "my" "WebServerName"

==================== Certificate 2 ================================
Serial Number: e302d3a7a831c9884c0dd736f24825e6
Issuer: CN = MySQLServerName
Subject: CN = MySQLServerName
Signature matches Public Key
Root Certificate: Subject matches Issuer
Cert Hash (sha1): d2 2f 9a 7f 18 cb ed 13 a1 3e be e5 32 69 6c 4b ad ba b9 30
Key Container = 956cbc46-f005-4aeb-b521-7c313f2ccd10
Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed
CertUtil: -store command completed successfully.
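
The same store can be checked from PowerShell against the properties the switches above are meant to produce. This is an added example, not part of the original article; the function name Test-SslServerCertificate is hypothetical, and it assumes the certificate was created with -ss my -sr localmachine and a subject of the form CN=<name>.

```powershell
# Added example: read-only audit of a certificate in the LocalMachine\My store.
# Test-SslServerCertificate is a hypothetical helper name, not a built-in cmdlet.
function Test-SslServerCertificate {
    param(
        [Parameter(Mandatory)] [string] $SubjectName,      # the CN passed to -n
        [string] $StorePath = 'Cert:\LocalMachine\My'      # -sr localmachine, -ss my
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'                   # the OID passed to -eku
    $now = Get-Date

    $matches = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -eq "CN=$SubjectName" })
    if ($matches.Count -eq 0) {
        Write-Warning "No certificate with subject CN=$SubjectName in $StorePath"
        return
    }

    foreach ($cert in $matches) {
        # Collect the EKU OIDs from the X.509 extension, if the certificate has one.
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        [pscustomobject]@{
            Thumbprint         = $cert.Thumbprint           # the "Cert Hash (sha1)" value
            SelfSigned         = ($cert.Subject -eq $cert.Issuer)   # expected with -r
            HasServerAuthEku   = ($ekuOids -contains $serverAuthOid)
            HasPrivateKey      = $cert.HasPrivateKey        # needed for the server side of SSL
            CurrentlyValid     = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            NotAfter           = $cert.NotAfter             # 2039 if -e was omitted
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
        }
    }
}

# Constructed usage: the subject name from the example command above.
Test-SslServerCertificate -SubjectName 'WebServerName' | Format-List
```

A result with SelfSigned set to True confirms a test certificate: clients cannot validate the server's identity with it unless they explicitly trust that exact certificate.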
