Script for setting up Certificates for WCF

Script for setting up Certificates for WCF

  • Comments 1

I thought this script might be quite useful to set up certificates for testing with services hosted in IIS. This uses 3 tools present in the SDK folder.
1. makecert
2. certmgr
3. FindPrivateKey
You can find these in the WCF samples.

Note: Make sure you run this from the Windows SDK prompt and check the cert stores for the certifcates.

--------------------------------Setup.bat----------------------------

echo off
echo ************
echo Client cert setup starting
echo ************
set CLIENT_NAME=client.com
set SERVER_NAME=localhost

echo ****************
echo Cleanup starting
echo ****************

echo -------------------------
echo del client certs
echo -------------------------
certmgr -del -r CurrentUser -s My -c -n %CLIENT_NAME%
certmgr -del -r CurrentUser -s TrustedPeople -c -n %SERVER_NAME%

echo -------------------------
echo del service certs
echo -------------------------
certmgr -del -r LocalMachine -s My -c -n %SERVER_NAME%
certmgr -del -r LocalMachine -s TrustedPeople -c -n %CLIENT_NAME%

echo *****************
echo Cleanup completed
echo *****************


echo ************
echo making client cert
echo ************
makecert.exe -sr CurrentUser -ss MY -a sha1 -n CN=%CLIENT_NAME% -sky exchange -pe
echo ************
echo copying client cert to server's CurrentUserstore
echo ************
certmgr.exe -add -r CurrentUser -s My -c -n %CLIENT_NAME% -r LocalMachine -s TrustedPeople


echo ************
echo Server cert setup starting
echo %SERVER_NAME%
echo ************
echo making server cert
echo ************
makecert.exe -sr LocalMachine -ss MY -a sha1 -n CN=%SERVER_NAME% -sky exchange -pe
echo ************
echo copying server cert to client's CurrentUser store
echo ************
certmgr.exe -add -r LocalMachine -s My -c -n %SERVER_NAME% -r CurrentUser -s TrustedPeople


echo ************
echo setting privileges on server certificates
echo ************
for /F "delims=" %%i in ('"FindPrivateKey.exe" My LocalMachine -n CN^=%SERVER_NAME% -a') do set PRIVATE_KEY_FILE=%%i
set WP_ACCOUNT=NT AUTHORITY\NETWORK SERVICE
(ver | findstr "5.1") && set WP_ACCOUNT=%COMPUTERNAME%\ASPNET
echo Y|cacls.exe "%PRIVATE_KEY_FILE%" /E /G "%WP_ACCOUNT%":R
iisreset

Leave a Comment
  • Please add 1 and 7 and type the answer here:
  • Post
  • thanks - i was half way through creating something like this!
Page 1 of 1 (1 items)
Search