The makecert.exe tool which comes with VS2010 can generate up to 1024 bit certificate. To create a 2048 bit certificate you would need makecert.exe from the Windows SDK 7.1. The details are as below:
Step 1: Download Windows SDK 7.1 from the link below:
Step 2: Be sure that you have makecert.exe version 6.1.7600.16385 as below:
Step 3: Now open the Window SDK command prompt window as below:
Step 4: In the opened command windows type the command as below:
C:\Windows\system32>makecert -r -pe -n "CN=Avkash Azure Cert2048" -a sha1 -ss My -len 2048 -sy 24 -b 09/01/2011 -e 01/01/2018 Succeeded
Step 5: Now launch certificate manager using certmgr.msc and verify the certificate as below:
Note: If you are generating certificate for Windows Azure, please use –pe option with makecert.exe so the private key can be exportable. If certificate private key is not exportable you could not upload the certificate to for your Windows Azure application.
Nice one. I did not know there are two types of makecert.exe. Microsoft really need to learn managing tool and providing single copy of any application.
There is a web site you can use to create certificates (up to 4096 bit I think) quickly online: http://makecert.com
I don't see any -eku in your command line - the EKU value is needed for:
•serverAuth (22.214.171.124.126.96.36.199.1) -- TLS Web server authentication
•clientAuth (188.8.131.52.184.108.40.206.2) -- TLS Web client authentication