Creating a Self-Signed Certificate Using Microsoft's Certificate Creation Tool

Create your own self-signed certificate using MakeCert, Microsoft's certificate creation tool for Windows.

For more information, refer to the following website:

http://msdn.microsoft.com/en-us/library/aa386968(VS.85).aspx

  1. Open a command prompt and enter the following command:

       makecert -b 01/01/1999 -r -pe -n "CN=<Certificate Name>" -eku 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.1 -cy authority -sv AgentryServerAuthorityCertificate.pvk AgentryServerAuthorityCertificate.cer

  2. Create a new certificate for the Agentry Server's authentication by entering:

       makecert -b 01/01/1999 -pe -n "CN=<Certificate Name>" -eku 1.3.6.1.5.5.7.3.1 -ic AgentryServerAuthorityCertificate.cer -iv AgentryServerAuthorityCertificate.pvk -sky exchange -sv AgentryServer.pvk AgentryServer.cer

  3. Convert the certificate to a PFX file. In the command prompt enter:

       pvk2pfx -pvk AgentryServer.pvk -spc AgentryServer.cer -pfx AgentryServer.pfx -po SAP -pi SAP
       pvk2pfx -pvk AgentryServerAuthorityCertificate.pvk -spc AgentryServerAuthorityCertificate.cer -pfx <NewAgentryServer>.pfx -po SAP -pi SAP

     where <NewAgentryServer> can be any unique name for the new PFX file.

    An example of a unique PFX name is NewAgentryServer.pfx.

  4. Create a signing certificate trust list by entering:

       makectl -u 1.3.6.1.4.1.311.2.2.3 AgentryServerAuthorityCertificate.cer AgentryServerAuthorityCertificate.stl
       signtool sign -u 1.3.6.1.5.5.7.3.3 -d "Root Certificate for Un-Authenticated Agentry Servers" -r "Agentry Server (Self Signed)" -f <NewAgentryServer>.pfx -p <password> AgentryServerAuthorityCertificate.stl

     where <password> is your password for the new certificate.

  5. Create a trusted certificate list by entering:

       certmgr -add -all -ctl AgentryServerAuthorityCertificate.stl AgentryTrustedCertificates.sst
       certmgr -add -all -c AgentryServerAuthorityCertificate.cer AgentryTrustedCertificates.sst

  6. Copy the PFX file into the directory where the Agentry Server instance for the application is located.
  7. Copy the new AgentryTrustedCertificates.sst to the Agentry Client installation folder to replace the original AgentryTrustedCertificates.sst file installed with the Client.
  8. Restart the Server and the Client.
  9. Log in to the Server using the Client.
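
The following PowerShell script is an added example, not part of the original procedure or SAP's tooling. It checks the files produced in steps 1 to 3 before they are copied in steps 6 and 7, assuming the file names above, the PFX password SAP from step 3, and that it is run from the directory containing the files.

```powershell
# Added example: sanity-check the authority certificate and the server PFX.
using namespace System.Security.Cryptography.X509Certificates
$ErrorActionPreference = 'Stop'
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # -eku value given to makecert in step 2

# Resolve-Path is required because .NET does not follow PowerShell's current location.
$ca     = [X509Certificate2]::new((Resolve-Path 'AgentryServerAuthorityCertificate.cer').Path)
$server = [X509Certificate2]::new((Resolve-Path 'AgentryServer.pfx').Path, 'SAP')

# Build the chain against the self-signed authority without installing it in any store.
$chain = [X509Chain]::new()
$chain.ChainPolicy.RevocationMode    = [X509RevocationMode]::NoCheck
$chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
[void]$chain.ChainPolicy.ExtraStore.Add($ca)
$built = $chain.Build($server)
$root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Look for the server authentication OID in the enhanced key usage extension.
$eku = $server.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
$hasServerAuth = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })

$now = Get-Date
$checks = [ordered]@{
    'PFX contains the private key'               = $server.HasPrivateKey
    'Authority certificate is self-signed'       = ($ca.Subject -eq $ca.Issuer)
    'Server certificate issued by the authority' = ($server.Issuer -eq $ca.Subject)
    'Chain builds and ends at the authority'     = ($built -and $root.Thumbprint -eq $ca.Thumbprint)
    'Server authentication EKU present'          = [bool]$hasServerAuth
    'Server certificate within validity period'  = ($server.NotBefore -le $now -and $server.NotAfter -gt $now)
}

# Print one line per check, then the values worth reviewing by eye.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
'Signature algorithm: ' + $server.SignatureAlgorithm.FriendlyName
'Valid until:         ' + $server.NotAfter.ToString('u')

# Non-zero exit code if any check failed, so the script can gate a deployment step.
if ($checks.Values -contains $false) { exit 1 }
```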