Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

MakeCert

MakeCert (Makecert.exe) is a command-line CryptoAPI tool that creates an X.509 certificate that is signed by a system test root key or by another specified key. The certificate binds a certificate name to the public part of the key pair. The certificate is saved to a file, a system certificate store, or both.

MakeCert supports a large number of switches but this section only describes the basic switches that are relevant to creating a test certificate that can be used to test-sign a driver package or embed a signature in a driver file.


    MakeCert [/b DateStart] [/e DateEnd] [/len KeyLength] [/m nMonths] [/n "Name"] [/pe] [/r] [/sc SubjectCertFile] [/sk SubjectKey] [/sr SubjectCertStoreLocation] [/ss SubjectCertStoreName] [/sv SubjectKeyFile]OutputFile

Partial list of switches and arguments

/b DateStart

Specifies the start date when the certificate first becomes valid. The format of DateStart is mm/dd/yyyy.

If the /b switch is not specified, the default start date is the date when the certificate is created.

/e DateEnd

Specifies the end date when the certificate's validity period ends. The format of DateEnd is mm/dd/yyyy.

If the /e switch is not specified, the default end date is 12/31/2039.

/len KeyLength

Specifies the length, in units of bits, of the subject's private and public keys.

If the /len switch is not specified, the default key length is 1024 bits.

/m nMonths

Specifies the number of months starting from the start date during which the certificate will remain valid.

/n "Name"

Specifies a name for the certificate. This name must conform to the X.500 standard. The simplest method is to use the "CN=MyName" format.

If the /n switch is not specified, the default name of the certificate is "Joe's Software Emporium".

/pe

Configures MakeCert to make the private key that is associated with the certificate exportable.

/r

Configures MakeCert to create a self-signed root certificate.

/sc SubjectCertFile

Specifies the subject's certificate file name along with the existing subject public key that is used.

/sk SubjectKey

Specifies the name of the subject's key container that holds the private key. If a key container does not exist, a new key container is created. If neither /sk nor /sv switch is entered, a default key container is created and used by default.

/sr SubjectCertStoreLocation

Specifies the registry location of the certificate store. The SubjectCertStoreLocation argument must be either of the following:

currentUser

Specifies the registry location HKEY_CURRENT_USER.

localMachine

Specifies the registry location HKEY_LOCAL_MACHINE.

If the /r switch is not specified along with the /s switch, currentUser is the default.

/ss SubjectCertStoreName

Specifies the name of the certificate store where the generated certificate is saved.

/sv SubjectKeyFile

Specifies the name of the subject's .pvk file that holds the private key. If neither /sk nor /sv switch is entered, a default key container is created and used by default.

OutputFile

The name of the file in which the generated certificate is saved.

Comments

MakeCert supports a large number of switches. The switches described in this topic are limited to the ones that you can use to create a test certificate.

For a complete list of MakeCert parameters, see the MakeCert website and the Using MakeCert website.

A 32-bit version of the MakeCert tool is located in the bin\i386 folder of the WDK. A 64-bit version of the tool is located in the bin\amd64 and bin\ia64 folders of the WDK.

Examples

In the following example, the MakeCert command generates a self-signed test certificate named "Contoso.com(Test)," installs the test certificate in the PrivateCertStore certificate store, and creates the Testcert.cer file, which contains a copy of the test certificate.


MakeCert -r -pe -ss PrivateCertStore -n "CN=Contoso.com(Test)" testcert.cer

 

 

Send comments about this topic to Microsoft

Show:
© 2015 Microsoft