0

I want to create personal certificate, using existing certificate as issuer. I have both cer and pvk files for issuer. I'm using makecert with next parameters:

makecert.exe ^
-n "CN="domainname.com" ^
-iv CARoot.pvk ^
-ic CARoot.cer ^
-a sha512 ^
-len 4096 ^
-sky exchange ^
certificatename.cer

where CARoot is previously created certificate serving as Certificate Authority.

Everything works as expected - certificate is properly created, having CARoot as issuer.

My current concern is, that I want to avoid any UI while certificate is generated (since it will be part of automated process). For now, UI window appears for password of pvk file.

Can I somehow put password in command line?

lentinant
  • 792
  • 1
  • 10
  • 36
  • Just to add: `makecert` tool is officially deprecated and not recommended for use: https://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx – Crypt32 Oct 11 '16 at 14:20
  • @CryptoGuy still, I need to create certificate in runtime for specific DNS name, and based on another certificate. If there are any other portable tools, which will allow to do this silently, I will gladly use them. – lentinant Oct 11 '16 at 14:50
  • Either, use PowerShell cmdlet, or you can use CertEnroll COM (actually, PowerShell is just a wrapper over CertEnroll) interfaces at runtime. – Crypt32 Oct 11 '16 at 15:02

1 Answers1

0

There is same discussion here.

When using MakeCert to create a self-signed certificate it will show popups to enter the passwords for the private key. There is no option available to run MakeCert in silent mode and prevent it from showing the popup windows. You can check the following codeproject to use the provided JavaScript code to run MakeCert without the password popup windows.

You can also use some custom commands like "winpr-makecert" with "-Silent" option. For more information see here.

amirfg
  • 272
  • 2
  • 6
  • 21