'Makecert' for 2048 bits

Question

For my application I need to generate a certificate with 2048 bits. Is it possible to generate using the 'makecert.exe' tool?

If not, which tool can be used to generate the certificate?

Answer 1

Yes, I created a configuration file (following MS documentation) to do the work which you can use with the following command (assuming that the conf file called config.inf) :

certreq -New config.inf csr_file

Here is the content of the configuration file (which you'll have to adapt to your need) :

; /!\ DON'T MODIFY THIS SECTION
[Version]
Signature = "$Windows NT$"

; Here are the TUNABLE THINGS
[NewRequest]
; Edit the subject to match your needs
Subject = "C=FR,ST=Ile De France,L=Paris,O=MyGroup,OU=MyTeam,CN=MySite"
; Indicate if the private key is exportable or not
Exportable = TRUE
; Minimum key length : 2048 bits
KeyLength = 2048
; Key Usages
KeyUsage = 0xe0
; Indicates if the certificate is stored in the machine store or not
MachineKeySet = TRUE
; Format of the output CSR file, you should not have to change that
RequestType = PKCS10
; Specify the provider used to generate the private/public key pair, you can
; list all the available providers by typing the following command :
; `certutil -csplist`
ProviderName = "Microsoft Enhanced RSA and AES Cryptographic Provider"
ProviderType = 24

Then, when you got back your certificate, you just have to import it with the following command :

certreq -Accept crt_file

Hope this will help :)

Answer 2

See here: SO Question about makecert

Update

OpenSSL might be your answer.

Answer 3

I used Makecert with 2048 bits options. It works fine. I don't the earlier statement said on the MSDN site. But it works fine.