How to Create a Temporary X.509 Certificate for Message Security
Use the following steps to create a temporary X.509 certificate for message security:
1. Create a certificate to act as your Root Certificate Authority
makecert -n "CN=RootCATest" -r -sv RootCATest.pvk RootCATest.cer
2. Create a Certificate Revocation List File from the Root Certificate
makecert -crl -n "CN=RootCATest" -r -sv RootCATest.pvk RootCATest.crl
3. Install your Root Certificate Authority on the server and client machines. Use MMC to install RootCATest.cer on the client and server machines in the Trusted Root Certification Authorities store. Note that anything issued from RootCATest.pvk is now trusted machine-wide on those machines, so keep the .pvk file private and remove the root from the store when you have finished testing.
4. Install the Certificate Revocation List file on the server and client machines. Use MMC to install RootCATest.crl on the client and server machines in the Trusted Root Certification Authorities store. Without the CRL, chain validation with revocation checking fails for certificates issued by this root.
5. Create and install your temporary service certificate
makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=tempCert" -ic RootCATest.cer -sr localmachine -ss my -sky exchange -pe
6. Give the WCF process identity access to the temporary certificate's private key. First locate the key container file with FindPrivateKey.exe (a tool from the WCF samples), then grant the service account read access to that file:
FindPrivateKey.exe My LocalMachine -n "CN=tempCert"
cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R
The path passed to cacls.exe must be the one returned by FindPrivateKey.exe on your machine; the file name shown above is only an example. NETWORK SERVICE is the account the default IIS application pool ran as when this was written; grant the account your WCF host process actually runs as (check the application pool identity, or the service account for a self-hosted service). Read access is all the service needs to use the key. cacls.exe is deprecated; on current Windows use icacls.exe with the same path and account.
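The six steps above as one script, added here as an example and not part of the original post. It is written for Windows PowerShell 5.1 on an elevated prompt and assumes makecert.exe (Windows SDK) is on the PATH, that the service runs as NETWORK SERVICE, and that this is the machine where the service runs (run the two certutil lines again on the client with the same two files). certutil replaces the MMC clicks of steps 3 and 4, the .NET CspKeyContainerInfo lookup replaces FindPrivateKey.exe, and icacls replaces cacls. The names RootCATest and tempCert are the ones from the post; the key container name tempCert-Key is an assumption.

```powershell
# Added example: end-to-end version of the procedure above (not code from the original post).
# Assumes Windows PowerShell 5.1, an elevated prompt, makecert.exe on PATH.
$ErrorActionPreference = 'Stop'
$rootName    = 'RootCATest'                 # names from the post
$serviceName = 'tempCert'
$wcfIdentity = 'NT AUTHORITY\NETWORK SERVICE'  # change to the account your WCF host actually runs as

# Steps 1 and 2: self-signed root CA plus an (empty) CRL signed by it.
makecert -n "CN=$rootName" -r -sv "$rootName.pvk" "$rootName.cer"
makecert -crl -n "CN=$rootName" -r -sv "$rootName.pvk" "$rootName.crl"

# Steps 3 and 4: trust the root and its CRL machine-wide (LocalMachine\Root).
# -f overwrites an existing entry, so re-running the script is safe.
certutil -addstore -f Root "$rootName.cer"
certutil -addstore -f Root "$rootName.crl"

# Step 5: service certificate issued by the root, private key in LocalMachine\My,
# RSA key-exchange key, marked exportable (-pe). Container name is an assumption.
makecert -sk "$serviceName-Key" -iv "$rootName.pvk" -n "CN=$serviceName" -ic "$rootName.cer" `
         -sr localmachine -ss my -sky exchange -pe

# Step 6: find the key container file (what FindPrivateKey.exe prints) and grant read access.
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$serviceName" } |
        Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert -or -not $cert.HasPrivateKey) { throw "No certificate with a private key for CN=$serviceName" }

# makecert creates a CAPI (CSP) key, so PrivateKey is an RSACryptoServiceProvider whose
# UniqueKeyContainerName is the file name under the machine-wide RSA key directory.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyDir    = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'Microsoft\Crypto\RSA\MachineKeys'
$keyFile   = Join-Path $keyDir $container
if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

# R (read) is all a service needs to use the key; never grant Full Control here.
icacls $keyFile /grant "$($wcfIdentity):R"

# Checks a practitioner wants before pointing WCF at the certificate:
# 1) the chain builds to the trusted root and revocation checking succeeds
#    (this is exactly why the CRL had to be installed in step 4).
if (-not $cert.Verify()) { throw 'Chain or revocation check failed: is the root/CRL in LocalMachine\Root?' }
# 2) the ACL on the key file really contains the service identity.
$ace = (Get-Acl $keyFile).Access | Where-Object { $_.IdentityReference -eq $wcfIdentity }
if (-not $ace) { throw "No ACE for $wcfIdentity on $keyFile" }
$ace | Format-Table IdentityReference, FileSystemRights -AutoSize

# The thumbprint is what goes into <serviceCertificate findValue="..." x509FindType="FindByThumbprint" />.
"Service certificate thumbprint: $($cert.Thumbprint)"
```

If `$cert.PrivateKey` is `$null` (PowerShell 7 / .NET Core returns keys through a different API), fall back to the FindPrivateKey.exe command from step 6 to obtain the container file name; the icacls and verification steps are unchanged.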
Comment from Raxit:
It's easy, but what is the difference between a cert. provided by a CA and a self/temp generated one?

Author's reply:
Hi Raxit,
Temporary certificates are self-generated and cannot be used on production servers. The importance of a 3rd party or a CA is to assure the identity via a digital certificate.
My idea in writing this post was for developers who generally need to test applications using digital certificates in a development environment. :)