Programmatically creating self-signed certificate

  • Question

  • How do I programmatically create a self-signed certificate in .NET? Reflector shows that System.dll imports CertCreateSelfSignCertificate (System.Security.Cryptography.CAPIUnsafe class), but this import is not being used. Did they just forget?
    Wednesday, June 11, 2008 3:40 PM


All replies

  • It's used by WCF, System.ServiceModel.dll
    Hans Passant.
    • Proposed as answer by Bruno Yu Monday, June 16, 2008 6:47 AM
    Wednesday, June 11, 2008 3:57 PM
  • How do I programmatically create a self-signed certificate using System.ServiceModel.dll? There is a System.ServiceModel.Channels.SelfSignedCertificate class, but it is internal.
    Wednesday, June 11, 2008 4:07 PM
  • Alex,

    You could try to use the steps in the article How to: Create Temporary Certificates for Use During Development

    To create a self-signed root authority certificate and export the private key, use the MakeCert.exe tool with the following switches:

    -n subjectName. Specifies the subject name. The convention is to prefix the subject name with "CN = " for "Common Name".

    -r. Specifies that the certificate will be self-signed.

    -sv privateKeyFile. Specifies the file that contains the private key container.

    For example, the following command creates a self-signed certificate with a subject name of "CN=TempCA."

    makecert -n "CN=TempCA" -r -sv TempCA.pvk TempCA.cer

    You will be prompted to provide a password to protect the private key. This password is required when creating a certificate signed by this root certificate.

    Hope that can provide you some idea.

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    • Marked as answer by Bruno Yu Monday, June 16, 2008 6:46 AM
    • Unmarked as answer by Alex Ivanoff Monday, June 16, 2008 1:21 PM
    Monday, June 16, 2008 6:45 AM
  • You missed the point: I need to programmatically create it, not using a tool.
    Monday, June 16, 2008 1:22 PM
  • P/Invoke did the trick. Was not easy, though.
    • Marked as answer by Alex Ivanoff Friday, July 4, 2008 3:34 AM
    Friday, July 4, 2008 3:34 AM
  • Can you please provide source to do it? Thanks
    Wednesday, January 21, 2009 12:12 AM
  • Certificate added to mmc using this tool has the following certificate status!

    This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.

    But being a self-signed certificate the status should be ok.

    When we create a certificate with IIS the status is OK!

    I wonder what I am missing here + we cannot give the friendly name here!

    Please help


    Wednesday, January 28, 2009 8:25 PM
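
A managed alternative to the MakeCert and P/Invoke routes discussed in this thread, added here as an example and not code from any poster: on .NET Framework 4.7.2 or later and .NET Core 2.0 or later, `CertificateRequest.CreateSelfSigned` builds the certificate in process. The subject, friendly name, file names and password are constructed values; the chain check at the end shows why a new self-signed root reports as untrusted until it is placed in the Trusted Root Certification Authorities store.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SelfSignedDemo
{
    static void Main()
    {
        // Subject, friendly name, file names and password are constructed for this example.
        using (RSA key = RSA.Create(2048))
        {
            var request = new CertificateRequest(
                "CN=TempCA", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // Root CA profile: CA=true, usable only for signing certificates and CRLs.
            request.CertificateExtensions.Add(
                new X509BasicConstraintsExtension(true, false, 0, true));
            request.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));

            DateTimeOffset now = DateTimeOffset.UtcNow;
            using (X509Certificate2 cert =
                request.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(90)))
            {
                // FriendlyName is a Windows store property, not a field inside the certificate.
                if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
                    cert.FriendlyName = "Temporary development CA";

                // Public part (.cer) can be shared; the .pfx holds the private key.
                File.WriteAllBytes("TempCA.cer", cert.Export(X509ContentType.Cert));
                File.WriteAllBytes("TempCA.pfx",
                    cert.Export(X509ContentType.Pfx, "example-password-change-me"));

                // A fresh self-signed certificate chains to itself but is in no trusted
                // root store, so validation fails with UntrustedRoot until it is added.
                using (var chain = new X509Chain())
                {
                    chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                    bool trusted = chain.Build(cert);
                    Console.WriteLine("Trusted: " + trusted);
                    foreach (X509ChainStatus s in chain.ChainStatus)
                        Console.WriteLine(s.Status + ": " + s.StatusInformation.Trim());
                }
            }
        }
    }
}
```

Import only the `.cer` (public) file into a trusted root store, and only on development machines; keep the `.pfx` access-controlled, since anyone holding it can issue certificates that those machines will trust.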