Create pfx files in automation
Recently I needed many (tens of) self-signed .pfx files to test my new feature. On my team, developers own unit testing and functional testing. I knew that the tool below, makecert.exe, can be used to create certificates:
https://msdn.microsoft.com/en-US/library/bfsktky3(v=VS.80).aspx
However, makecert.exe creates a certificate and puts it into a certificate store; it can't create .pfx files directly. By playing with this tool I found out that I can get .pfx files by doing the following:
1. Create the certificate by using makecert.exe and make it exportable
2. Open the certificate management console (type certmgr.msc in a cmd window) and export the certificates manually
It works, but doing this manually would be tedious since I need many certificates. So I found another tool, certutil.exe, which is built into Windows. I supposed that combining the two tools would be an easy task. However, it is not that easy. The reason is that I create a new cert store when using makecert.exe and put all the certificates into that store, which makes them easier to manage. But certutil.exe can't find the certificates in the new store I created. After trying a few times I decided to ask one of my friends who is a certificate expert, and found that I need to use an undocumented option, -user. With that, the task becomes easy, and I wrote the PowerShell script below to do it.
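# I need 50 self-signed .pfx files
$num = 50
# Create the certificates in a user store named "test" (index 0 to 49)
for ($i = 0; $i -lt $num; $i++)
{
    $cn = "CN=paullou" + $i
    makecert.exe -r -ss test -pe -n $cn
}
# Export each certificate, selected by its index in the store, to its own .pfx file
for ($i = 0; $i -lt $num; $i++)
{
    $fileName = "RDFETest" + $i + ".pfx"
    certutil -user -p password -exportpfx test $i $fileName
}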
A little explanation
makecert.exe -r -ss test -pe -n $cn
-r: create a self-signed certificate
-ss: store name. It creates a new store called test in this case
-pe: make the certificate's private key exportable
-n: specify the certificate name
certutil -user -p password -exportpfx test $i $fileName
-user: specify that it is a user store
-p: specify the password for the new .pfx file
-exportpfx: export a .pfx file; test is the store name and $i is the index of the certificate in the store. The certificate name can also be used instead of the index
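The export loop above selects certificates by store index, which picks up whatever already sits at that position if the test store is not empty. The following is an added example, not part of the original post: it selects the certificates by subject, exports each one by thumbprint, and reloads every .pfx to confirm that it opens with the password and contains the private key. The function name Export-TestPfx, the pfx-out folder and the file naming are assumptions made for this example; the store name, subject prefix and password are the ones used in the script above.

```powershell
# Added example (not from the original post). Assumes the "test" user store
# was filled by the makecert loop above.
$storeName = "test"                    # store name used in the post
$prefix    = "CN=paullou"              # subject prefix used in the post
$password  = "password"                # test-only password used in the post
$outDir    = Join-Path $PWD "pfx-out"  # hypothetical output folder

function Export-TestPfx {              # hypothetical helper name
    param([string]$StoreName, [string]$Prefix, [string]$Password, [string]$OutDir)

    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, "CurrentUser")
    $store.Open("ReadOnly")
    try {
        # Select by subject so unrelated certificates in the store are skipped
        $certs = @($store.Certificates | Where-Object { $_.Subject -like "$Prefix*" })
    } finally {
        $store.Close()
    }

    foreach ($cert in $certs) {
        $name = $cert.Subject -replace '^CN=', ''
        $file = Join-Path $OutDir "$name.pfx"

        # A SHA-1 thumbprint identifies exactly one certificate, unlike a store index
        certutil -user -p $Password -exportpfx $StoreName $cert.Thumbprint $file | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Export failed for $($cert.Subject)"
            continue
        }

        # Reload the file: it must open with the password and hold the private key
        $pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file, $Password)
        $ok  = $pfx.HasPrivateKey -and ($pfx.Thumbprint -eq $cert.Thumbprint)
        $pfx.Reset()

        New-Object PSObject -Property @{ Subject = $cert.Subject; File = $file; Verified = $ok }
    }
}

Export-TestPfx -StoreName $storeName -Prefix $prefix -Password $password -OutDir $outDir |
    Format-Table Subject, Verified, File -AutoSize
```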
Comments
Anonymous
July 03, 2012
Really appreciate.
Anonymous
March 05, 2013
useful