Creating a Self-signed Key for TLS
In my last post I described how to do client-authenticated TLS, and one of the magic ingredients there was a certificate with the private key in the form of .pfx files.
Server and client certificates are essentially the same, but I'll show how to create both anyway. For this I will assume that your Windows SDK files are in C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\ and that we are storing files in the root of drive D:
cd "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\"
makecert -n "CN=MyServer" -r -sv D:\server.pvk D:\server.cer
Succeeded
makecert -n "CN=MyClient" -pe -r -sv D:\client.pvk D:\client.cer
Succeeded
pvk2pfx -pvk D:\server.pvk -spc D:\server.cer -pfx D:\server.pfx
pvk2pfx -pvk D:\client.pvk -spc D:\client.cer -pfx D:\client.pfx
DEL D:\client.cer D:\client.pvk D:\server.cer D:\server.pvk
This results in the server.pfx and client.pfx files. We can opt to import them into the Windows Certificate Store (also possible with the makecert command) or to use them directly, as in this example.
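Microsoft has deprecated makecert in favour of the New-SelfSignedCertificate cmdlet, so here is a PowerShell counterpart of the steps above, added as an example and not part of the original post. The function name New-TlsTestPfx, the role-specific EKU, the one-year lifetime and RSA 2048 with SHA-256 are assumptions of this example; the subject names and D:\ paths are the ones used above.

```powershell
# Added example, not the post's code. Assumes Windows 10 / Server 2016+ (PKI module).
function New-TlsTestPfx {
    param(
        [Parameter(Mandatory)] [string] $CommonName,            # e.g. MyServer
        [Parameter(Mandatory)] [string] $PfxPath,               # e.g. D:\server.pfx
        [Parameter(Mandatory)] [securestring] $Password,        # protects the PFX
        [Parameter(Mandatory)] [ValidateSet('Server', 'Client')] [string] $Role
    )
    # Enhanced Key Usage OIDs: serverAuth (...3.1) or clientAuth (...3.2).
    $eku = if ($Role -eq 'Server') { '1.3.6.1.5.5.7.3.1' } else { '1.3.6.1.5.5.7.3.2' }
    $params = @{
        Subject           = "CN=$CommonName"
        CertStoreLocation = 'Cert:\CurrentUser\My'
        KeyAlgorithm      = 'RSA'
        KeyLength         = 2048
        HashAlgorithm     = 'SHA256'
        KeyExportPolicy   = 'Exportable'
        NotAfter          = (Get-Date).AddYears(1)
        TextExtension     = @("2.5.29.37={text}$eku")
    }
    $cert = New-SelfSignedCertificate @params
    try {
        Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null
    }
    finally {
        # Counterpart of the DEL step: leave only the .pfx behind, no store copy or key.
        Remove-Item -Path $cert.PSPath -DeleteKey
    }
    # Reload the file to confirm it carries a private key before the application uses it.
    $loaded = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($PfxPath, $Password)
    try {
        [pscustomobject]@{
            Subject       = $loaded.Subject
            Thumbprint    = $loaded.Thumbprint
            HasPrivateKey = $loaded.HasPrivateKey
            SelfSigned    = ($loaded.Subject -eq $loaded.Issuer)
            NotAfter      = $loaded.NotAfter
        }
    }
    finally { $loaded.Reset() }
}

$pw = Read-Host -AsSecureString -Prompt 'PFX password'
New-TlsTestPfx -CommonName MyServer -PfxPath D:\server.pfx -Password $pw -Role Server
New-TlsTestPfx -CommonName MyClient -PfxPath D:\client.pfx -Password $pw -Role Client
```

Each call prints a summary row; HasPrivateKey and SelfSigned should both be True, and the thumbprint is the value to pin on the other side of the connection.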