37

I'd like to generate a certificate for development purposes, but I don't want to install the certificate in the store.

makecert with the switch -pe doesn't create the private key if you specify an output file.

When I tried to create a .pfx file by exporting the certificate created with makecert, it asks for a password to protect the private key; I guess I can't use it with my WCF service since the config file has no information about the password...

Why in the hell is it so complicated? Do you know a simple tool to create a certificate with private key inside a file without password in one simple step?

JYelton
  • 35,664
  • 27
  • 132
  • 191
Nicolas Dorier
  • 7,383
  • 11
  • 58
  • 71

1 Answers1

55
makecert -r -pe -n "CN=CompanyXYZ Server" -b 01/01/2007 -e 01/01/2010 -sky exchange Server.cer -sv Server.pvk
pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx

from here.

Nicolas Dorier
  • 7,383
  • 11
  • 58
  • 71
  • 8
    This works great with one caveat. For me (6 years later, running VS2013), if I supply a password to the dialogs that come up, the pfx file seems to have no password (and I get a password-related security exception when using the pfx file in the C# X509Certificate2() method. I have to usethe -pi and -po switches on pvk2pfk.exe, even though the docs say it will default to using the given password. – bitcoder Aug 12 '15 at 23:44
  • @bitcoder Can you put here your command? If you still have it. ;) – Jenan Nov 14 '16 at 20:22
  • @Jenan I _think_ I used this in another answer here hopefully it is the thing you need (and the rest of the discussion there may be useful to you if you are using some of the C# apis with your cert): http://stackoverflow.com/questions/26654056/guidance-on-thinktecture-identityserver-v3-certificates/31977847#31977847 – bitcoder Nov 16 '16 at 05:41