Making Our Own Digital Certificate


Using this procedure we can create code signing digital certificate for internal use.

1. Create a Digital Certificate

We can use MakeCert.exe tool to make your own digital certificate for testing and internal use. The following is the command format:

MakeCert.exe -r -sv <name-of-private-key-file>.pvk -n "CN=<developer-name>" <name-of-certificate-file>.cer -b <start-data> -e <end-date>

We can find this MakeCert.exe in following paths
"C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\MakeCert.exe"
OR
"C:\Program Files (x86)\Windows Kits\8.1\bin\x64\makecert.exe"

2. Convert to PFX

The next step is to convert a digital certificate to a Personal Information Exchange (pfx) file using the pvk2pfx.exe tool. In this step, you need the .pvk file, .cer file, and password you created in the above step.

pvk2pfx.exe" -pvk <name-of-private-key-file>.pvk -pi <password-for-pvk> -spc <name-of-certification-file-name>.cer -pfx <name-of-pfx-file> -po <password-for-pfx>

We can find this pvk2pfx.exe in following paths
"C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\ pvk2pfx.exe"
OR
"C:\Program Files (x86)\Windows Kits\8.1\bin\x64\ pvk2pfx.exe"

3. Import the Digital Certificate to Windows Certificate Store

One more step you need when you are making your own digital certificate is to import it to your computer. You can do this in Certificate Manager (CertMgr.msc) or CertUtils.exe tool. Here we use the UI tool. Please refer here for alternatives.
a) From Start >> Run >> CertMgr.msc. (Or on Windows 8.1/10, right click on Start >> Run >> CertMgr.msc) CertMgr opens.
b) On CertMgr dialog, right click on Trusted Publishers >> All Tasks >> Import …
c) Follow the instructions on Certificate Import Wizard. Click Next.
d) On a dialog which asks "Files to Import", choose the pfx file you want to import.
e) On the "Password" dialog, enter the password. Keep "Include all extended properties" checked.
f) Choose "Place all certificates in the following store" then Click Next.
g) Confirm and Finish.
h) If you see "Import a new Private signature key" dialog, click OK. (This part may differ depending on your environment.)
Repeat the same step with Trusted Root Certification Authorities. This step is to validate digitally signed binary files.

By

Disclaimer: Using this procedure we can create code signing digital certificate for internal use.
All data and information provided on this site is for informational purposes only. CKanth.in makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.