PRODUCTION OF A of TEST CERTIFICATE WITH THE HELP OF THAT
MAKECERT.EXE
The test certificate is a certificate, which is issued by no well-known
certification body. The test certificate is a "Self Signed" certificate. It can with the help of the program
MakeCert.exe to be provided. The program is part of the platform SDK, which free of charge
from Microsoft to the order one places.
(http://www.microsoft.com/msdownload/platformsdk/sdkupdate/)
If on the computer Microsoft Visual studio NET 2003 is installed, one can do that
Program Makecert.exe under "C:\Program Files\Microsoft Visual studio NET
2003\Common7\Tools\Bin "find. In order to provide a test certificate, one can
MakeCert.exe in the following way call up:
MakeCert.exe m 12 eku 1.3.6.1.5.5.7.3.3 n "CN=My Authority" PE r ss MY MySign.cer
We describe briefly all parameters, which are mentioned above:
· the key m 12 means that the running time of the certificate amounts to 12 months.
· the key eku 1.3.6.1.5.5.7.3.3 explains that in the certificate an additional
Field with the extended key use code signature is added. Those
Combination of signs 1.3.6.1.5.5.7.3.3 is an object ID (OID), for that
Intended purpose code signature (code signing) is registered (see e.g..
http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.3.html).
· the key n "CN=My Authority" gives a name to the issued certificate.
One can enter the names of an administrator here. The form of the character string
standard must correspond to the X.500. For example n "CN=Stefan sample man"
or n "CN=Stefan sample man, O=My company,
E=Stefan.Mustermann@MyCompany com ". A detailed description gives it
under http://msdn.microsoft.com/library/default.asp?url=/library/enus/
security/security/certstrtoname.asp.
· the key PE means that MakeCert.exe generates a private key,
some public key from the certificate corresponds.
· the key r means that the produced certificate is "Self Signed ". With others
Words that it is a test certificate and from no well-known certification body
one issued.
· the key ss MY means that the produced certificate with the name MY
under certificate memory (Certificate net curtain) one stores. Most standard
Certificate memory has located names. Z. B. becomes the certificate memory with that
Name MY in the English version of Windows as "My Certificates ", in that
Germans "own certificates " calls.
· the parameter MySign.cer means that the produced certificate also in the file
MySign.cer is stored.
If one provides a certificate for coding purposes, one should the key sky
exchange use.
MakeCert.exe offers a possibility, a mini PKI (mini infrastructure of public keys)
to construct. So one can provide first a root certificate of your enterprise. This
One produces certificate (one uses the key r) for certificate as "Self Signed " -. Afterwards
provides one one or more certificates, those in T2U for marking and/or for coding
are used. One can issue a certificate e.g. per T2U administrator.
These certificates should be however not "Self Signed ", but are with the certificate of the
Enterprise marked its:
MakeCert.exe -pe -ss MY -a sha1 -cy authority -len 8192 -e 12/31/2020 -r
-n "CN=My Company Root Authority,O=My Company,C=DE" MyCompany.cer
MakeCert.exe -pe -ss MY -a sha1 -len 4096 -e 12/31/2020 -eku 1.3.6.1.5.5.7.3.3
-n "CN=Stefan Mustermann,O=My Company" -is MY -in "My Company Root Authority"
MakeCert.exe -pe -ss MY -a sha1 -len 4096 -e 12/31/2020 -n "CN=T2U Service,O=My Company"
-is MY -in "My Company Root Authority" -sky exchange T2UService.cer
In this example three certificates are provided:
_ "Self Signed " - certificate "My company root Authority"
_ personal certificate for Stefan sample man, that as T2U-administrator in "My
Company "is active. This certificate becomes from Mr. Mustermann marking
the T2U-paketes uses.
_ a certificate "T2U service", which for coding and/or.
Decoding is used by T2U-paketen.
In order to get a description of the MakeCert.exe keys, you start
MakeCert.exe with the key -? and -!.
Go to Help Contents
|
