Wednesday 3 June 2015

Creating a self-signed certificate within Windows (the easy way!)

One of the great annoyances I have with Windows is the inability to do such simple tasks easily - like generating a self-signed certificate. On linux you can easily install and make use of openssl with a one liner. Although with Windows you have the following options:

- Install IIS and generate a new self-signed certificate (this is a little excessive in my opinion to achieve something so trivial.

- Install a dedicated CA and give up the idea of a self-signed certificate

- Use the makecert and pvk2pfx utilities (unfortuantly requiring you to download a whole host of unneeded junk with it.

I will explain the latter option:

1. Download and install the Windows Software Development Kit for Windows 7 (or 8) from:

2. Open an elevated command prompt and change the directory to:

"C:\Program Files (x86)\Windows Kits\8.0\bin\x86"

3. Create the self-signed certificate:

makecert -r -n "" -sv cert.pvk cert.cer

4. Combine the private key and certificate into a PFX container:

pvk2pfx -pvk cert.pvk -spc cert.cer -pi yourpassword -pfx cert.pfx


Post a Comment