AsiaTech: Microsoft APGC Internet Developer Support Team

We focus on various troubleshooting plan and solution on IIS web platform and distributed applications

Create certificates via commands for testing purpose

Create certificates via commands for testing purpose

  • Comments 1

I used the following commands to generate some certificates for testing purpose without building a certificate server:

Create a self-signed root authority

==========================

Run the command to create a self-signed root authority certificate and export the private key:

makecert  -n "CN=TempCA" -r -sv TempCA.pvk TempCA.cer

(It will pop up dialog box to ask you to provide the password for the private key. 2 files will be generated: TempCA.pvk and TempCA.cer)

Install the root certificate TempCA.cer to the trusted Root Certification Authorities Store

===================================================================

Command:

certmgr.exe -add -all -c "tempca.cer" -s -r localMachine Root

Create certificates

==============

Server authentication certificate (e.g. for IIS):

makecert -pe -iv TempCA.pvk -n "CN=[your common name]" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -ic TempCA.cer iis.cer

client authentication certificate (e.g. for IE):

makecert -pe -iv TempCA.pvk -n "CN=[your common name]" -eku 1.3.6.1.5.5.7.3.2 -ss my -sr CurrentUser -sky exchange -ic TempCA.cer user.cer 

NOTE: Neither mycert.cer nor user.cer contains the private key. Therefore if you want to use these certificates on the machine other than the machine where you run the above commands, you need to export on this machine and import on the other machine.

Get the SHA1 hash of the certificate

===========================

Command:

certmgr -c -s -r localMachine MY

Create SSL binding for http.sys 

=======================

netsh http add sslcert ipport=0.0.0.0:443 certhash=[hash value] appid={4dc3e181-e14b-4a21-b022-59fc669b0914} certstorename=MY

Where the hash value is the SHA1 hash Thumbprint. (Remove the space in the hash string)

Appid is your application id. I use IIS id here.

Bind the web site to port

===================

Using appcmd to create ssl binding

appcmd.exe set config -section:system.applicationHost/sites /+"[name='Default Web Site'].bindings.[protocol='https',bindingInformation='*:443:']" /commit:apphost

 

Regards,

XinJin from APGC DSI Team

Leave a Comment
  • Please add 7 and 1 and type the answer here:
  • Post
  • super useful.

Page 1 of 1 (1 items)