Creating Self-signed Signing Certificates
- Windows SDK 7.1
To produce a self-signed certificate on Windows that can be used for signing CoApp packages, we need to create an installable certificate, install it into a certificate store, and then export a .pfx file from it. All below commands must be entered in a Windows SDK command prompt (this is not the same as a standard command prompt!).
To generate a new installable self-signed certificate, enter the following:
makecert -pe -ss MY -sr LocalMachine -$ individual -n "CN=<CertName>" -len 2048 -r "<CertName>.cer"
This will generate an installable certificate file named
<CertName>.cer in the current directory.
To install a certificate file (like the one made in the previous step), enter the following:
CertMgr.exe /add "<CertName>.cer" /s /r localMachine root
This will install the
<CertName> certificate into the
LocalMachine\root certificate store.
To export a private key signing file for an installed certificate, enter the following:
certutil.exe -privatekey -exportpfx "<CertName>" "<CertName>.pfx"
This will create a
<CertName>.pfx signing key in the current directory. This .pfx file can be used by SimpleSigner to sign package files.