In order to create a self-signed X.509 Certificate that you can use in Visual Studio 2005, you need to use the makecert.exe and pvk2pfx.exe tools in "C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\Bin\".
First open a command prompt and type the following command:
makecert.exe -r -pe -n "CN=X500 Name" -sky exchange -sv PrivateKey.pvk Certificate.cer
Where the following apply:
“CN=X500 Name” equals the X.500 name of the server
“PrivateKey.pvk” is the filename to contain the private key
“Certificate.cer” is the filename containing the certificate with the public key. Note that this file is by default a DER encoded binary X.509 certificate
To package the private key with the certificate so that you can use them inside your Visual Studio 2005 project, type the following command:
pvk2pfx.exe -pvk PrivateKey.pvk -spc Certificate.cer -pfx PrivateKeyForVS.pfx
This creates a Personal Information Exchange (PFX) file called PrivateKeyForVS.pfx. This PFX file contains both your public and private key. By including this file in your Visual Studio project you can then sign your communications.
The certificate can be used as is from .NET 2.0+ to create an X509Certificate2, but if you need to embed it in an XML file, then you'll need to convert it to a Base-64 encoded X.509 certificate first.
I'm sure there's another way to do this, but the solution that I have that works is as follows:
Start/Run/MMC
File/Add-Remove Snap-In
Click Add
Select Certificates and click Add
Select Computer Account and click Next
Select Local Computer and click Finish
Click Close
Click OK
Expand the Certificates (Local Computer) node until the Personal node is visible
Right-click on the Personal node, select All Tasks and then Import…
Click Next, and on the next screen, Browse for the certificate file that you need to convert. Several formats are available for import
Click Next, and on the next screen, confirm that the certificate will be placed in the Personal store
Click Next, and then review the summary screen before clicking Finish. The Certificate Import Wizard will confirm that “The import was successful”. The imported certificate will now appear under the Certificates (Local Computer) Personal Certificates node
Right-click on the certificate and select All Tasks, then Export…
Click Next, and on the subsequent screen, select the File Format as Base-64 encoded X.509 (.CER)
Click Next, and on the next screen Browse and select a suitable location for the exported certificate
Click Next, and then review the summary screen before clicking Finish. The Certificate Export Wizard will confirm that “The export was successful”. You can now safely delete the certificate from the Personal store, by right-clicking on the certificate and selecting Delete
If you open the exported certificate in Notepad (or equivalent), you will see something similar to:
-----BEGIN CERTIFICATE-----
MIIB5zCCAVCgAwIBAgIQI7EgGISTbL...
-----END CERTIFICATE-----
Copy and paste the code between the BEGIN CERTIFICATE and END CERTIFICATE lines into the appropriate place in your XML file. I hope this helps someone, as I had to research this from several different places across the web.
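The same DER to Base-64 conversion can be scripted instead of going through the certificate store. The Python sketch below is an added example, not part of the original post; its function names and constructed sample bytes are assumptions, and it goes slightly beyond the steps above by refusing input shaped like a PFX or private key, so that only the public certificate ends up in the XML file.

```python
import base64

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"

def _der_header(buf, pos):
    """Return (tag, content_start, content_length) for the DER TLV at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, pos + 2, first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or pos + 2 + n > len(buf):
        raise ValueError("unsupported DER length")
    return tag, pos + 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def to_der(data):
    """Accept DER or Base-64 (PEM) certificate bytes and return the DER bytes."""
    text = data.decode("ascii", errors="ignore")
    if PEM_BEGIN in text:
        body = text.split(PEM_BEGIN, 1)[1].split(PEM_END, 1)[0]
        return base64.b64decode("".join(body.split()), validate=True)
    return data

def cert_base64_for_xml(data):
    """Return single-line Base-64 of a certificate, rejecting non-certificates."""
    der = to_der(data)
    tag, start, length = _der_header(der, 0)
    if tag != 0x30 or start + length != len(der):
        raise ValueError("not a single DER SEQUENCE")
    inner_tag, _, _ = _der_header(der, start)
    if inner_tag == 0x02:
        # PFX and private-key structures begin with an INTEGER version field.
        raise ValueError("looks like a PFX or private key; do not embed")
    if inner_tag != 0x30:                 # a certificate begins with tbsCertificate
        raise ValueError("not an X.509 certificate")
    return base64.b64encode(der).decode("ascii")

def to_pem(data):
    """Same content in the BEGIN/END CERTIFICATE form shown above."""
    b64 = cert_base64_for_xml(data)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_BEGIN, *lines, PEM_END]) + "\n"

# Constructed stand-ins (DER framing only, not real certificates or keys):
SAMPLE_CERT_SHAPED = bytes.fromhex("300a3003020102300003" "0100")
SAMPLE_PFX_SHAPED = bytes.fromhex("30050201033000")
```

For a real file, pass the bytes of Certificate.cer to cert_base64_for_xml and paste the returned string into the XML; passing the bytes of PrivateKeyForVS.pfx raises ValueError.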
2 comments:
Many thanks for this recipe!
I spent 2 days because I didn't know about this key "-sky exchange"
Thank you very much. It helped me a lot.