5

Given the following powershell function:

function CreateRootCertificate($certificateName, $path, $certificatePassword){
    makecert -r -pe -n "CN=$certificateName" -sky exchange $path\$certificateName.cer -sv $path\$certificateName.pvk
    pvk2pfx.exe -pvk $path\$certificateName.pvk -spc $path\$certificateName.cer -pfx $path\$certificateName.pfx -po $certificatePassword
}

makecert is prompting me to enter the certificate password. From what I understand it wont do this, if the *.pvk file already exists, and has a password set upon it.

SO my question is, how do I split my single makecert command in two separate commands, one to create the *.pvk and another to create the *.cer?

Many Thanks

Mick Walker
  • 3,862
  • 6
  • 47
  • 72
  • “makecert.exe” will always prompt for password when creating a private key. One way around this is to write code, to find the password input window and enter your password in it. (Ugly) The other is to use OpenSSL. (Preferred) In OpenSSL use "openssl genrsa -aes128 -passout pass:password -out $certificateName.pvk 2048” to generate a private key with passphrase. Or, if you work with certificates a lot, forget “makecert.exe” altogether and use OpenSSL. – Jan Chrbolka Mar 06 '15 at 05:41

1 Answers1

3

“Makecert.exe” will always prompt for password when creating a private key.

One way around this prompt may be to write code/macro, to find the password input window and enter your password in it.

The other is to use OpenSSL. In OpenSSL use 

openssl genrsa -aes128 -passout pass:password -out $certificateName.pvk 2048

to generate a private key with passphrase.

If you do work with certificates a lot, I would recomend to forget “makecert.exe” altogether and use OpenSSL instead.

Jan Chrbolka
  • 4,184
  • 2
  • 29
  • 38
  • You saved my day. Do you know if it's possible to do the same with `ssh-keygen` instead of `openssl`? – Cartucho Dec 12 '18 at 18:32
  • 1
    You're welcome. In `ssh-keygen` you should be able to use the -N `new_passphrase` flag. https://stackoverflow.com/questions/43235179/how-execute-ssh-keygen-without-prompt – Jan Chrbolka Dec 12 '18 at 21:52