NGWS SDK Documentation  

This is preliminary documentation and subject to change.
To comment on this topic, please send us email at ngwssdk@microsoft.com. Thanks!

Certificate Creation Utility (makecert.exe)

Makecert (the X.509 Certificate Creation utility) generates a X.509 certificate, which can be used for testing purposes only. It creates a public and private key pair for digital signatures and associates it with a name that you specify. This utility also associates the key pair with a specified publisher's name and creates a X.509 certificate that binds your name to the public part of the key pair.

Syntax

makecert [optional arguments] OutputCertificateFile

Basic Arguments

Argument Description
-sk Subject's key container name (will be created if not present).
-# Serial Number from 1 to 2^31-1. Default to be unique.
-$ The signing authority of the certificate: either individual or commercial.
-n Certificate subject X500 name (e.g.,: CN=Fred Dews).
-? Returns a list of basic arguments.
-ss Subject's certificate store name that stores the output certificate.
-sr Subject's certificate store location. <CurrentUser|LocalMachine>. Defaults to CurrentUser.
-! Returns a list of extended options.

Extended Arguments

Argument Description
-ik Issuer's key container name.
-sc Subject's certificate file.
-sv Subject's PVK file (will be created if not present).
-sp Subject's CryptoAPI provider's name.
-sy Subject's CryptoAPI provider's type.
-ic Issuer's certificate file.
-iv Issuer's PVK file.
-is Issuer's certificate store name.
-ir Location of issuer's certificate store, either CurrentUser or LocalMachine. The default is CurrentUser.
-ip Issuer's CryptoAPI provider's name.
-iy Issuer's CryptoAPI provider's type.
-a The signature algorithm, either md5, or sha (defaults to md5).
-d Display name for the subject.
-l Link to the policy information (such as URL).
-cy Certificate types: either end, authority, or both.
-b Start of the validity period in mm/dd/yyyy format (defaults to now).
-m The number of months for the certificate validity period.
-e End of validity period in mm/dd/yyyy format (defaults to 12/31/2039 11:59:59 GMT).
-h Max height of the tree below this certificate.
-r Create a self-signed certificate.
-nscp Include Netscape client-authorization extension.
-iky Issue key type <signature|exchange|<integer>>.
-sky Subject key type <signature|exchange|<integer>>.
-in Issuer's certificate common name.
-eku Comma-separated OIDs for enhanced key usage.
OutputCertificateFile The test X.509 certificate (.cer) file.

Examples

The following creates a test certificate and outputs it to testCert.cer.

makecert testCert.cer

The following creates a test certificate and outputs it to textXYZ.cer, using the subject's key container and the certificate subject's X500 name.

makecert -sk XYZ -n "CN=XYZ Company" testXYZ.cer 

See Also

Software Publisher Certificate Test Utility (Cert2spc.exe)