Sometimes you need to create test certificates and keys for demos, tests and trials e.g. SSL certs for websites or for a Point-to-Site VPN connection to Microsoft Azure.
One of the cmd line tools you could use for creating test certificates is makecert.exe. However where to find & download it?:
makecert.exe is part of the Windows Software Development Kit (SDK) for Windows 8.1 oder Windows Software Development Kit (SDK) for Windows 10
Notes on the SDK:
- there are various versions that follow the OS versions
- at the time of the blog post (21th July 2015) it was 8.1 – you might want to check if there is a later one.
- the tools within might be updated
- you can install the SDK from the web or download its components as a whole (>700 MB)
You get makecert.exe when you install the “Windows Software Development Kit” portion, i.e. you don’t need to install everything:
After installing you’ll find it in the following folder:
C:\Program Files (x86)\Windows Kits\8.1\bin\x64
And you can create a Site-to-Site VPN Root Cert with e.g.:
makecert -sk exchange -r -n "CN=AdatumRootCertificate" -pe -a sha1 -len 2048 -ss My "AdatumRootCertificate.cer"
and a client Site-to-Site VPN Cert with e.g.:
makecert.exe -n "CN=AdatumClientCertificate" -pe -sk exchange -m 96 -ss My -in "AdatumRootCertificate" -is my -a sha1
makecert.exe -r -n "CN=SIL Root Cert" -pe -sr localmachine -ss AuthRoot -len 2048 -sky exchange -m 36
Creates a root certificate with exportable key and places it into the Trusted root auth store of the local computer.
makecert.exe -n "CN=SILAggregator" -in "SIL Root Cert" -eku 220.127.116.11.18.104.22.168.1 -ir localmachine -is AuthRoot -pe -sr localmachine -ss My -len 2048 -sky exchange -m 36
Creates a Server SSL certificate based on the above Root cert and places it into the local computers personal store.
makecert.exe -n "CN=SILClientAuth" -in "SIL Root Cert" -eku 22.214.171.124.126.96.36.199.2 -ir localmachine -is AuthRoot -pe -sr localmachine -ss My -len 2048 -sky exchange -m 36
Creates a Client Auth certificate