Monday, December 22, 2008

Creating Temporary X.509 Certificates

How to Create a Temporary X.509 Certificate for Message Security


Use the following steps to create a temporary X.509 certificate for message security:

1. Create a certificate to act as your Root Certificate Authority. The -r switch makes it self-signed; the private key is written to RootCATest.pvk, which you will need again in step 5 and which should stay on the machine that issues certificates.

makecert -n "CN=RootCATest" -r -sv RootCATest.pvk RootCATest.cer


2. Create a Certificate Revocation List File from the Root Certificate

makecert -crl -n "CN=RootCATest" -r -sv RootCATest.pvk RootCATest.crl


3. Install your Root Certificate Authority on the server and client machines. Use MMC (Certificates snap-in, Local Computer) to import RootCATest.cer into the Trusted Root Certification Authorities store on both the client and server machines. Only the .cer is distributed; the .pvk never leaves the issuing machine.


4. Install the Certificate Revocation List file on the server and client machines. Use MMC to import RootCATest.crl into the Trusted Root Certification Authorities store on both the client and server machines. Without a reachable CRL, revocation checking (which WCF performs by default) fails for certificates issued by this root.


5. Create and install your temporary service certificate. It is issued by the root created in step 1 (-iv/-ic), placed straight into the LocalMachine\My store (-sr localmachine -ss my), created as an exchange key so it can be used for message encryption (-sky exchange), and marked exportable (-pe).

makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=tempCert" -ic RootCATest.cer -sr localmachine -ss my -sky exchange -pe


6. Give the WCF Process Identity Access to the Temporary Certificate's Private Key

First locate the key container file with FindPrivateKey (the WCF SDK sample tool; build it from the samples if you do not have the .exe), then grant the process identity read access with cacls:

FindPrivateKey.exe My LocalMachine -n "CN=tempCert"

cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R

The path "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" is only an example; use the one returned by FindPrivateKey. On Vista and later the MachineKeys folder lives under %ProgramData%\Microsoft\Crypto\RSA\MachineKeys. NETWORK SERVICE is the default identity for an IIS application pool; if the service is self-hosted, grant read access to whatever account the host process runs as instead. Read access is all WCF needs to use the key; do not grant Full Control.
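The six steps above as a single script, so the whole procedure can be rerun on a fresh development box without copying paths by hand. This is an added example, not code from the original post. It assumes Windows PowerShell 5.1 run elevated on Vista or later (so %ProgramData% exists), makecert.exe and certutil.exe on the PATH (makecert ships with the Windows SDK), and a WCF host running as NETWORK SERVICE; the names $RootName, $ServiceCN, $ServiceAccount and the helper functions are mine. Instead of FindPrivateKey.exe it reads the key container name from the certificate object, which is the same lookup FindPrivateKey performs, and it uses icacls rather than the older cacls.

```powershell
# Added example: temporary X.509 certificates for WCF message security.
# Assumptions: elevated Windows PowerShell 5.1, makecert.exe and certutil.exe
# on PATH, Vista or later. Names below are the author's choices for this example.
$ErrorActionPreference = 'Stop'
$RootName       = 'RootCATest'
$ServiceCN      = 'tempCert'
$ServiceAccount = 'NT AUTHORITY\NETWORK SERVICE'   # change for a self-hosted service

# Run one native command and fail loudly if it returns a non-zero exit code.
function Invoke-Step([string]$Label, [scriptblock]$Action) {
    Write-Host "==> $Label"
    & $Action
    if ($LASTEXITCODE -ne 0) { throw "$Label failed (exit $LASTEXITCODE)" }
}

# Step 1: self-signed root; the private key lands in RootCATest.pvk.
Invoke-Step 'Create root CA' {
    makecert -n "CN=$RootName" -r -sv "$RootName.pvk" "$RootName.cer"
}

# Step 2: CRL signed by the same root key.
Invoke-Step 'Create CRL' {
    makecert -crl -n "CN=$RootName" -r -sv "$RootName.pvk" "$RootName.crl"
}

# Steps 3 and 4: trust the root and publish its CRL in LocalMachine\Root.
# Repeat only these two commands on the client machine; the .pvk stays here.
Invoke-Step 'Install root certificate' { certutil -addstore Root "$RootName.cer" }
Invoke-Step 'Install CRL'              { certutil -addstore Root "$RootName.crl" }

# Step 5: service certificate issued by the root, written straight into
# LocalMachine\My as an exportable exchange key.
Invoke-Step 'Create service certificate' {
    makecert -sk "${ServiceCN}Key" -iv "$RootName.pvk" -n "CN=$ServiceCN" `
             -ic "$RootName.cer" -sr localmachine -ss my -sky exchange -pe
}

# Step 6a: what FindPrivateKey.exe does. makecert creates a CryptoAPI (CSP) key,
# so .PrivateKey is an RSACryptoServiceProvider whose unique container name is
# the file name under the MachineKeys folder.
function Get-PrivateKeyPath([string]$SubjectCN) {
    $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.Subject -eq "CN=$SubjectCN" -and $_.HasPrivateKey } |
            Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key for CN=$SubjectCN" }
    $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
    $path = Join-Path (Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys') $container
    if (-not (Test-Path $path)) { throw "Key container file not found: $path" }
    return $path
}

# Step 6b: read access is all the WCF host needs to use the key.
$keyFile = Get-PrivateKeyPath $ServiceCN
Write-Host "Private key file: $keyFile"
Invoke-Step 'Grant read access to private key' {
    icacls $keyFile /grant "${ServiceAccount}:(R)"
}

# Show the resulting ACL so the grant can be confirmed by eye.
icacls $keyFile
```

If the host runs under a different account (a self-hosted service under a domain user, for instance), change $ServiceAccount; everything else stays the same. On PowerShell 7 the X509Certificate2.PrivateKey property is deprecated, so the container lookup in Get-PrivateKeyPath is specific to Windows PowerShell.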

2 comments:

  1. It's easy, but what is the difference between a certificate provided by a CA and a self/temp-generated one?

  2. Hi Raxit,

    Temporary certificates are self-generated and cannot be used on production servers. The importance of a third party, or CA, is to assure the identity via a digital certificate.

    My idea in writing this post was to help developers who generally need to test applications using digital certificates in a development environment. :)
