-
Notifications
You must be signed in to change notification settings - Fork 5
/
CertificateCreationProcedure.txt
53 lines (29 loc) · 3.89 KB
/
CertificateCreationProcedure.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
//////////////////////////////////////////////////////////
// How to issue a certificate for testing of WWS module //
//////////////////////////////////////////////////////////
(1) In the Visual Studio developer prompt, type:
makecert -pe -n "CN=Certification Authority for Development" -cy authority -ss root -sr LocalMachine -r
This creates a certification authority and install it under "Trusted Root Certification Authorities\Certificates" (in management console).
(2) Then, use the new CA to create a new certificate for your local machine. Notice you must use your computer name in the command below:
[In server machine]
makecert -pe -n "CN=MyComputerName" -ss My -sr LocalMachine -in "Certification Authority for Development" -is root -ir LocalMachine -eku 1.3.6.1.5.5.7.3.1
[In client machine]
makecert -pe -n "CN=MyComputerName" -ss My -sr LocalMachine -in "Certification Authority for Development" -is root -ir LocalMachine -eku 1.3.6.1.5.5.7.3.2
(In a development environment confined within a single box, you can choose to have only one certificate for both client and server authentication, hence eliminating the "-eku" option.)
Because both client and server must rely in the same certificate CA, when you create the CA in one box, you must export the certificate to a file (including the private key) and import it into the other box. This way, the certificates in both boxes will have been issued by a common trusted CA.
(3) SERVER ONLY - In the management console (mmc.exe), use the snap-in for certificate management to look for the certificate you have just created. The thumbprint is the hash you will use in the command below. These commands will assign the new certificate to the endpoints localhost:8888 and localhost:8989:
netsh http add sslcert ipport=0.0.0.0:8888 certhash=da834158826f2207f9a1bbcce8fed201ad391376 appid={04EBD759-F3FF-4992-8D02-C1BFDB027A58} clientcertnegotiation=enable
netsh http add sslcert ipport=0.0.0.0:8989 certhash=da834158826f2207f9a1bbcce8fed201ad391376 appid={0670F436-50EA-4B8A-B62A-02EF8B39F9C9} clientcertnegotiation=enable
(The application ID can be any GUID.)
You are done!
//////////////////////////////////////////////////////////
// How to issue a certificate for testing of RPC module //
//////////////////////////////////////////////////////////
The following procedure requires Windows 8.1 and later.
In Powershell prompt elevated with admin privileges:
[Server machine]
New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=MySelfSignedCert4DevTestsClient" -Provider "Microsoft Strong Cryptographic Provider" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2","2.5.29.17={text}upn=felipe.aburaya@hotmail.com") -KeyUsage DataEncipherment -KeyAlgorithm RSA -KeyExportPolicy ExportableEncrypted -KeyLength 2048 -CertStoreLocation "Cert:\LocalMachine\My" -NotAfter $(get-date -year 2026)
[Client machine]
New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=MySelfSignedCert4DevTestsServer" -Provider "Microsoft Strong Cryptographic Provider" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1","2.5.29.17={text}upn=felipe.aburaya@hotmail.com") -KeyUsage DataEncipherment -KeyAlgorithm RSA -KeyExportPolicy ExportableEncrypted -KeyLength 2048 -CertStoreLocation "Cert:\LocalMachine\My" -NotAfter $(get-date -year 2026)
In case you are running the tests in an older Windows version, you will need to find a Win8.1+ box to generate a single certificate with the command below, than you can export it to a pfx file (including the private key) and import in your test machine(s):
New-SelfSignedCertificate -Type SSLServerAuthentication -Subject "CN=MySelfSignedCert4DevTests" -Provider "Microsoft Strong Cryptographic Provider" -TextExtension @("2.5.29.17={text}upn=felipe.aburaya@hotmail.com") -KeyUsage DataEncipherment -KeyAlgorithm RSA -KeyExportPolicy ExportableEncrypted -KeyLength 2048 -CertStoreLocation "Cert:\LocalMachine\My" -NotAfter $(get-date -year 2026)