Makecert (the X.509 Certificate Creation utility) generates a X.509 certificate, which can be used for testing purposes only. It creates a public and private key pair for digital signatures and associates it with a name that you specify. This utility also associates the key pair with a specified publisher's name and creates a X.509 certificate that binds your name to the public part of the key pair.
makecert [optional arguments] OutputCertificateFile
Argument | Description |
---|---|
-sk | Subject's key container name (will be created if not present). |
-# | Serial Number from 1 to 2^31-1. Default to be unique. |
-$ | The signing authority of the certificate: either individual or commercial. |
-n | Certificate subject X500 name (e.g.,: CN=Fred Dews). |
-? | Returns a list of basic arguments. |
-ss | Subject's certificate store name that stores the output certificate. |
-sr | Subject's certificate store location. <CurrentUser|LocalMachine>. Defaults to CurrentUser. |
-! | Returns a list of extended options. |
Argument | Description |
---|---|
-ik | Issuer's key container name. |
-sc | Subject's certificate file. |
-sv | Subject's PVK file (will be created if not present). |
-sp | Subject's CryptoAPI provider's name. |
-sy | Subject's CryptoAPI provider's type. |
-ic | Issuer's certificate file. |
-iv | Issuer's PVK file. |
-is | Issuer's certificate store name. |
-ir | Location of issuer's certificate store, either CurrentUser or LocalMachine. The default is CurrentUser. |
-ip | Issuer's CryptoAPI provider's name. |
-iy | Issuer's CryptoAPI provider's type. |
-a | The signature algorithm, either md5, or sha (defaults to md5). |
-d | Display name for the subject. |
-l | Link to the policy information (such as URL). |
-cy | Certificate types: either end, authority, or both. |
-b | Start of the validity period in mm/dd/yyyy format (defaults to now). |
-m | The number of months for the certificate validity period. |
-e | End of validity period in mm/dd/yyyy format (defaults to 12/31/2039 11:59:59 GMT). |
-h | Max height of the tree below this certificate. |
-r | Create a self-signed certificate. |
-nscp | Include Netscape client-authorization extension. |
-iky | Issue key type <signature|exchange|<integer>>. |
-sky | Subject key type <signature|exchange|<integer>>. |
-in | Issuer's certificate common name. |
-eku | Comma-separated OIDs for enhanced key usage. |
OutputCertificateFile | The test X.509 certificate (.cer) file. |
The following creates a test certificate and outputs it to testCert.cer.
makecert testCert.cer
The following creates a test certificate and outputs it to textXYZ.cer, using the subject's key container and the certificate subject's X500 name.
makecert -sk XYZ -n "CN=XYZ Company" testXYZ.cer