makecert and creating ssl or signing certificates
I’ve been asked to post my makecert scripts for creating self-signed certificates (one for SSL and the other for signing). I use both of these scripts as .bat files. These scripts accept one parameter — the CN (common name) you want the certificate to match. For the SSL cert this must match the host name. For signing it’s just a unique name. Both of these need to be run from an administrative command prompt because the scripts install the certificate into the local machine’s personal certificate store. If you need the public key portion (.cer) then you’d have to open mmc and export it. Also, notice the expiration in the scripts — this is something you might want to change based upon your situation.
The first script is for creating SSL certificates. This is good for setting up SSL on your local IIS for a new web site (you’d need to ensure the host is indicated and SNI is configured). Although the SSL certificate won’t be trusted until you configure the cert as trusted on the client machine. Here are the .bat file contents:
makecert -r -pe -n "CN=%1" -b 01/01/2015 -e 01/01/2020 -eku 220.127.116.11.18.104.22.168.1 -sky exchange -a sha256 -len 2048 -ss my -sr localMachine
The second script is for creating signing certificates (for things like token signing within a token service such as IdentityServer). Here are the .bat file contents:
makecert -r -pe -n "CN=%1" -b 01/01/2015 -e 01/01/2020 -eku 22.214.171.124.126.96.36.199.3 -sky signature -a sha256 -len 2048 -ss my -sr LocalMachine