none
MakeCert.exe Doesn't Like Me RRS feed

  • Question

  • I am following the steps in How to: Create Temporary Certificates for Use During Development to create a self-signed root CA and then a signed (by the root CA) certificate.

    Here is a copy/paste of my Developer Command Prompt for VS2012 session.  This is on Windows Server 2012.

    >makecert -n CN=TempCA -r -sv TempCA.pvk TempCA.cer
    Succeeded

    >makecert -pe -ss My -sr LocalMachine -sky exchange -n CN=SignedByCA -iv TempCA.pvk -ic TempCA.cer -sk SignedByCA SignedByCA.cer
    Error: Can't create the key of the subject ('SignedByCA')
    Failed

    >makecert -pe -ss My -sr LocalMachine -sky exchange -n CN=SignedByCB -iv TempCA.pvk -ic TempCA.cer -sk SignedByCB SignedByCB.cer
    Succeeded

    The *ONLY* difference between command # 2 and command # 3 is A instead of B (SignedByCA instead of SingedByCB).

    I can't figure out for the life of me why one works and the other one doesn't.  Why can't I use SignedByCA as the subject.

    It should be noted that if I don't make the certificate for exchange or with an exportable key (leave off the -pe and -sky exchange parameters), it works:

    >makecert -ss My -sr LocalMachine -n CN=SignedByCA -iv TempCA.pvk -ic TempCA.cer -sk SignedByCA SignedByCA.cer
    Succeeded

    What am I missing?  I just spent 6 hours finding this out.

    Thursday, June 27, 2013 9:28 PM

Answers

All replies