This is a short guide on how to create a self signed certificate in Windows and store it in files. There are many similar guides available out there, but most of them also imports the freshly created certificate into the certificate store. Sometimes I prefer to be able to create a certificate without polluting my certificate store.

In a developer command prompt (or a normal prompt where you have makecert and pvk2pfx in the path) run these commands:

makecert -r -n "CN=www.example.com" -sv cert.pvk cert.cer
pvk2pfx -pvk cert.pvk -spc cert.cer -pfx cert.pfx

Continue reading for explanation of the commands and switches.

makecert

makecert creates the certificate. When run, it will show a prompt where it is possible to enter a password for the private key of the cert.

Two files will be created by makecert. The .cer file contains the public information about the certificate and the .pvk file contains the private key. For ease of use, these two can be combined into a pfx file with the pvk2pfx command.

pvk2pfx

pvk2pfx combines the private key and the public information about the certificate into a .pfx file.

The pfx file can be loaded into the certificate store (double click on it in the windows explorer) or used directly from the code with the X509Certificate2(string fileName) constructor.

Privacy

Please be aware that the .pvk and .pfx files contains the private key for the certificate. Anyone with access to those files can spoof the identity of the certificate, so handle them appropriately.

To show the information about the certificate to someone else, the .cer file contains everything needed without revealing the private key.

• ← Scrum – What’s in it for me, the Developer?
• Kentor.AuthServices vs. Shibboleth for SAML2 on ASP.NET →