
I was playing around with WS-Security and needed a X509 certificate to test my service but I didn’t want to go through the hassle of installing that dreaded Microsoft Certificate Services and use that to create a new certificate for my needs. With Visual Studio comes a tool called makecert.exe just for the purpose of creating a quick test certificate.
I read the command line help and used all the appropriate command line switches but was unable to produce a working certificate. After some searching on the web I found a little note of Christian d’Heureuse on How to use makecert.exe to create a self-signed test certificate that can be used with IIS for SSL. It seems that makecert will not make the private key exportable as I had expected. Instead you must use an extra command line switch -pe to be able to export the private key with the certificate. This command line switch is not supported by the version of makecert that is installed with Visual Studio. You need a new version of makecert.exe that can be downloaded from Microsoft.
I want to thank Christian for pointing this out on his website, else I would never have known that a new version of makecert was the difference between success and failure when it comes to creating a quick test certificate.
One comment
Hi Guido,
Thanks for sharing this information! Very useful and it actually works! 🙂
I have 2 questions though:
1. How can you make this work for your local IIS (running on XP/SP2) since for each site in this version of IIS you cannot choose "Server certificate".
2. When I open a website using this certificate, the first time I get the IE-notification that the site is not trusted. So, I’ve added my website (https://www.mywebsite.com) to the trusted sites but I still get this notification (also after restarting). Do you know why?
Thanks again!
Marrik