KB: How to create a web server SSL certificate with makecert.exe

Assuming you have the signing certificate and private key in the “Personal” cert store of the current user.

makecert.exe -is my -ir CurrentUser -in “signing_cert_name” -pe -n CN=”host.jeffchiu.com” -eku 1.3.6.1.5.5.7.3.1 -ss my -sr CurrentUser -sky exchange -m 12

  • -is:    Issuer’s certificate store name.
  • -ir:    Issuer’s certificate store location.
  • -in:    Issuer’s certificate common name.
  • -pe:    Mark generated private key as exportable.
  • -n:    Certificate subject X500 name.
  • -eku:    Comma separated enhanced key usage OIDs.
    • 1.3.6.1.5.5.7.3.1    :    Server Authentication
    • 1.3.6.1.5.5.7.3.2 :    Client Authentication
  • -sky:    Subject key type.
  • -ss:    Subject’s certificate store name that stores the output certificate.
  • -sr:    Subject’s certificate store location.
  • -m:    The number of months for the cert validity period

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s