Create pfx files in automation

Recently I needed many (tens of) self-signed .pfx files to test my new feature. In my team, dev owns unit testing and functional testing. I know that the tool below, makecert.exe, can be used to create certificates:
https://msdn.microsoft.com/en-US/library/bfsktky3(v=VS.80).aspx

However, makecert.exe creates a certificate and puts it into a certificate store, but it can't create .pfx files directly. By playing with this tool I found out that I can get .pfx files by doing the following:
 1. Create .pfx file by using makecert.exe and make it exportable
 2. Open the certificate management console (type certmgr.msc in a cmd window) and export them manually
 
It works, but it would be tedious to do this manually since I need many certificates. So I found another tool, certutil.exe, which is built into Windows. I supposed that it should be an easy task to combine the two tools. However, it is not that easy. The reason is that I create a cert store when using makecert.exe and put all the certificates into that store. This way it is easier to manage. But certutil.exe can't find the certificates in the new store I created. After trying a few times I decided to ask one of my friends who is a certificate expert and found that I need to use an undocumented option, -user. With that, this task becomes easy, and I wrote the PowerShell script below to do it.

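# I need 50 self-signed .pfx files
$num = 50

# Create the certificates in a user store named "test", with exportable private keys
for ($i = 0; $i -lt $num; $i++)
{
    $cn = "CN=paullou" + $i
    makecert.exe -r -ss test -pe -n $cn
}

# Export each certificate from the "test" store by index, together with its private key
for ($i = 0; $i -lt $num; $i++)
{
    $fileName = "RDFETest" + $i + ".pfx"
    certutil -user -p password -exportpfx test $i $fileName
}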

A little bit of explanation:
makecert.exe -r -ss test -pe -n $cn
-r: create a self-signed certificate
-ss: store name. It creates a new store called test in this case
-pe: make the certificate exportable
-n: specify the certificate name

certutil -user -p password -exportpfx test $i $fileName
-user: specify that it is a user store
-p: specify the password for the new .pfx file
-exportpfx: export a .pfx file; test is the store name and $i is the index. The certificate name can also be used
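
The same batch done with the certificate cmdlets built into current Windows instead of makecert.exe and certutil, as an added example that is not part of the original post. It exports each certificate by object rather than by store index, takes the .pfx password as a SecureString, and removes the certificate and its private key from the store after export. It assumes Windows 10 / Server 2016 or later; the function name New-TestPfxBatch, the subject prefix and the output folder are hypothetical.

```powershell
# Added example, not the original author's script.
# Assumes Windows 10 / Server 2016 or later (PKI module cmdlets).
function New-TestPfxBatch {
    param(
        [int]$Count = 50,
        [string]$SubjectPrefix = 'CN=testcert',   # hypothetical subject prefix
        [string]$OutDir = '.\pfx',                # hypothetical output folder
        [Parameter(Mandatory)][securestring]$Password
    )

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    for ($i = 0; $i -lt $Count; $i++) {
        # Create a short-lived self-signed certificate with an exportable
        # private key in the current user's personal store.
        $cert = New-SelfSignedCertificate -Subject "$SubjectPrefix$i" `
            -CertStoreLocation 'Cert:\CurrentUser\My' `
            -KeyExportPolicy Exportable `
            -NotAfter (Get-Date).AddDays(30)

        try {
            # Export the exact certificate object just created, so other
            # certificates already in the store cannot be picked up by mistake.
            $file = Join-Path $OutDir "test$i.pfx"
            Export-PfxCertificate -Cert $cert -FilePath $file -Password $Password | Out-Null
        }
        finally {
            # Do not leave test keys behind in the store once the .pfx exists.
            Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
        }
    }
}

# Prompt for the .pfx password instead of hard-coding it in the script.
$pw = Read-Host -AsSecureString -Prompt 'PFX password'
New-TestPfxBatch -Count 50 -Password $pw
```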

Comments

  • Anonymous
    July 03, 2012
    Really appreciate.

  • Anonymous
    March 05, 2013
    useful