Creating test X.509 Certificates


I occasionally find myself having to create dummy X.509 certificates, but it happens infrequently enough that I can never remember the steps to create just the right certificate without searching the web. Sometimes I find a good resource, sometimes I don't - what I know is that I never do it the same way twice!

Interestingly I think this happens because when I find a good example, I find it so easily that it doesn't occur to me that I might struggle to find it again later! Anyway, I'm going to put an end to all that and post what to do here for future reference.

Steps to create a test X.509 Certificate in .NET

From a .NET console window (works with 2005 and 2008) (you have to run the window with elevated privileges when using Vista):

  1. MakeCert -r -pe -n "CN=PackageDemo" -b 01/01/2007 -e 01/01/2010 -sky exchange -ss My

Optional, for file only versions of the certificate:

  1. CertMgr
  2. Export new certificate to disk, including the private key
  3. Delete from Certificate Manager

If you know a better way or you know a way to create just a file version including the private key, then please let me know.
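
The create, export and delete steps above can also be scripted with PowerShell's built-in certificate cmdlets. This is an added example, not part of the original post; it assumes Windows 10 / Server 2016 or later, and the output path and one-year validity period are placeholders.

```powershell
# Added example, not from the original post.
# Assumptions: Windows 10 / Server 2016+; $pfxPath and the validity period are placeholders.
$subject  = 'CN=PackageDemo'                       # same subject as the MakeCert command
$pfxPath  = Join-Path $env:TEMP 'PackageDemo.pfx'  # hypothetical output path
$password = Read-Host -AsSecureString -Prompt 'Password to protect the PFX'

# 1. Self-signed, exportable key-exchange certificate in CurrentUser\My
#    (the counterpart of MakeCert's -r -pe -sky exchange -ss My).
$cert = New-SelfSignedCertificate `
    -Subject $subject `
    -Type Custom `
    -KeySpec KeyExchange `
    -KeyExportPolicy Exportable `
    -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider' `
    -KeyLength 2048 `
    -NotBefore (Get-Date) `
    -NotAfter (Get-Date).AddYears(1) `
    -CertStoreLocation 'Cert:\CurrentUser\My'

try {
    # 2. Export the certificate and its private key to a password-protected file.
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password | Out-Null
}
finally {
    # 3. Remove the certificate and its key container from the store,
    #    so the test key does not linger in the user profile.
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
}

# 4. Check: reload the file and confirm it is the same certificate with its private key.
$loaded = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $password)
try {
    if (-not $loaded.HasPrivateKey) { throw "PFX at $pfxPath has no private key" }
    if ($loaded.Thumbprint -ne $cert.Thumbprint) { throw 'PFX does not match the generated certificate' }
    "Wrote $pfxPath ($($loaded.Subject), expires $($loaded.NotAfter.ToString('u')))"
}
finally {
    $loaded.Reset()   # release the temporary key material loaded for the check
}
```

The script works in the CurrentUser store, so it does not need an elevated prompt. Treat the resulting .pfx as a secret even for test use, since it contains the private key.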


Richard said...

I have the same problem with creating certs with OpenSSL.

I've been using TinyCA2 recently, which is a GUI for managing certificate authorities using OpenSSL. I don't think it works on Windows, but if you have a Linux box lying around, give it a try.

Paul said...

Thanks Richard - I usually have a VPC of Ubuntu handy, so I'll take a look.