Creating Self-Signed Certificate for Token Signing
  • 14 Nov 2023
  • 1 Minute to read
  • Dark
    Light

Creating Self-Signed Certificate for Token Signing

  • Dark
    Light

Article summary

Note
Please use the client name instead of sp13g in the scripts below.

Download makecert.exe, start the command prompt, navigate to location where makecert.exe is downloaded and execute the following commands:

Certificate Authority (CA)

.\makecert -r -pe -n "CN=sp13gRoot" -a sha512 -sky signature -cy authority -sv sp13gRoot.pvk -len 4096 -e 01/04/2099 sp13gRoot.cer

Now let's create a certificate using our CA.

Certificate

.\makecert -pe -n "CN=sp13g" -a sha512 -len 4096 -sky exchange -ic sp13gRoot.cer -iv sp13gRoot.pvk -sv sp13g.pvk sp13g.cer

Now we need a private key to be created from pvk, so let's do that using the pvk2pfx tool, ensuring you export the private key when prompted.

PFX

Download pvk2pfx.exe, start the command prompt, navigate to location where pvk2pfx.exe is downloaded and execute the following commands:

.\pvk2pfx -pvk sp13g.pvk -spc sp13g.cer

As a result of this step, you'll have the following:

  • CA: Installed in your Local Machine’s Trusted Root Certification Authorities store
  • PFX: Installed in your Local Machine’s Personal store, with private keys set to exportable
  • Certificate: will be used in the application configuration
Note
The CA Certificate must be installed as 1st certificate.

Was this article helpful?