4

I'm following this tutorial to implement a licensing solution to my software.

At some point the tutorial ask to run a makecert command:

makecert -pe -ss My -sr CurrentUser -$ commercial -n "CN=<YourCertName>" -sky Signature

But at this time makecert became obsolete and all the solution I tried to make it work fails on my Windows 10 with Visual Studio 2017. No, the developer Command Prompt don't help. No, installing Windows SDK don't help.

The only serious solution seems to accept the obsolecense of makecert and use the Powershell New-SelfSignedCertificate command.

And I could create this table:

enter image description here

But i'm not sure this is correct. Could you please help me to translate this MakeCert command to New-SelfSignedCertificate command.

Is this correct?

New-SelfSignedCertificate -KeyExportPolicy Exportable -CertStoreLocation "Cert:\CurrentUser\My" -Type Custom -Subject "CN=<YourCertName>" -KeySpec Signature
Bastien Vandamme
  • 17,659
  • 30
  • 118
  • 200
  • I also have another quick question about this if you can help me. What is the subject? Can I fill by any value I choose? Or should it be something defined? – Bastien Vandamme Oct 14 '19 at 10:02
  • I am trying the adverised answer (which was never "accepted") and whilst I can run the command OK in Powershell I do not have a certificate listed in the Certificate Manage. Please advise how you dealt with this. – Andrew Truckle Oct 04 '21 at 10:28

1 Answers1

3

Your command looks good to me, though instead of a Custom type I believe you'll want to use CodeSigningCert. I do want to note that you don't have to specify CN= in the subject parameter as it's automatic.

To answer your second question, the subject should be the name of whatever is protected by the certificate. It's normally how the resource is accessed (e.g. server name). For a code signing certificate, typically your organization name, or some variant, would be used.

codewario
  • 19,553
  • 20
  • 90
  • 159