The Certificate Creation tool generates X.509 certificates for testing purposes only. It creates a public and private key pair for digital signatures and stores it in a certificate file. This tool also associates the key pair with a specified publisher's name and creates an X.509 certificate that binds a user-specified name to the public part of the key pair.
Makecert.exe includes basic and extended options. Basic options are those most commonly used to create a certificate. Extended options provide more flexibility.
The correct syntax:
makecert -r -pe -n "CN=www.yourserver.com" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
C:\WINDOWS\system32>makecert -i
Usage: MakeCert [ basicextended options] [outputCertificateFile]
Basic Options
-sk
-pe Mark generated private key as exportable
-ss
certificate
-sr
-#
-$
-n
-? Return a list of basic options
-! Return a list of extended options
C:\WINDOWS\system32>makecert -!
Usage: MakeCert [ basicextended options] [outputCertificateFile]
Extended Options
-sc
-sv
-ic
-ik
-iv
-is
-ir
-in
-a
-ip
-iy
-sp
-sy
-iky
-sky
-l < link > Link to the policy information (such as a URL)
-cy
-b
-m
-e
-h
-r Create a self signed certificate
-nscp Include netscape client auth extension
-eku oid[<,oid>]> Comma separated enhanced key usage OIDs
-? Return a list of basic options
-! Return a list of extended options
No comments:
Post a Comment