Create a self-signed certificate chain with a given certificate template

  • Question

  • I am trying to create a self-signed certificate chain which should have the following 2 certificates:

    1. Root cert.

    2. Cert1 signed using root cert with certificate template as CEPEncryption.

    Currently, I am able to create a self-signed certificate and create Cert1 (acting as a sub-ordinate cert) signed using the root cert (not by myself, through the use of the code provided here).

    The only problem is that I need Cert1 to be of a particular template instead of being a sub-ordinate cert. Can anyone help?

    Tuesday, January 19, 2016 6:31 AM

Answers

  • Hi Shyam,

    What about using makecert.exe?

    https://msdn.microsoft.com/en-us/library/windows/desktop/aa386968(v=vs.85).aspx

    The following article tells us how to create self-signed certificates using makecert.exe.

    http://dotnetcodr.com/2015/06/01/https-and-x509-certificates-in-net-part-2-creating-self-signed-certificates/

    Then you could create a cert using the following code.

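    // Requires: using System.Diagnostics;
    ProcessStartInfo info = new ProcessStartInfo();
    Process p = new Process();
    info.FileName = @"makecert.exe";
    info.UseShellExecute = true;   // needed for the "runas" verb to take effect
    info.Verb = "runas";           // run makecert.exe elevated (UAC prompt)
    info.Arguments = "put your arguments here";
    p.StartInfo = info;
    p.Start();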

    Note: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    Best Regards,
    Li Wang



    • Proposed as answer by Kristin Xie Friday, January 29, 2016 9:34 AM
    • Marked as answer by Kristin Xie Monday, February 1, 2016 9:30 AM
    Friday, January 22, 2016 9:09 AM

All replies

  • Hi Shyam,

    >>The only problem is that I need Cert1 to be of a particular template instead of being a sub-ordinate cert.

    I am not sure what you mean by "a sub-ordinate cert".

    Based on that link you posted, I see the CreateSubordinate method, but since it is a third-party product, I am afraid this is out of our support scope.

    By the way, per my understanding, a self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. This term has nothing to do with the identity of the person or organization that actually performed the signing procedure. In technical terms, a self-signed certificate is one signed with its own private key. I am afraid there is no particular template.

    Best regards,

    Kristin




    • Edited by Kristin Xie Wednesday, January 20, 2016 5:48 AM
    Wednesday, January 20, 2016 5:48 AM
  • Hi Kristin,

    Thanks for the response.

    Let me re-phrase that a bit. I need a certificate chain with one cert acting as a root certificate and another being issued by the root cert (implying that Issuer of 2nd cert = Subject of 1st cert). I need the 2nd cert to be signed by the root cert's private key. In addition, what I mean by templates is that I need the 2nd cert to be issued with particular KeyUsage & EnhancedKeyUsage extensions.

    The link I shared is just a sample C# code. If you could provide me another working sample, I'd be more than happy to try it. I've run into issues signing the 2nd cert with the root cert's private key, being that the extensions that I provide, do not get retained after the 2nd cert has been signed. I've seen some working solutions that use BouncyCastle but I'm currently restricted from using 3rd party APIs.

    Any help would be much appreciated.

    -Shyam

    Thursday, January 21, 2016 12:29 PM
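
The chain described in the post above (a root certificate plus a second certificate signed with the root's private key that keeps its KeyUsage and EnhancedKeyUsage extensions) can be built with the framework's own CertificateRequest class, without makecert.exe or third-party libraries. This is an added example, not code from the thread; it assumes .NET Framework 4.7.2 or later (or .NET Core 2.0 or later), uses constructed subject names, and assumes the wanted values are KeyEncipherment with the Certificate Request Agent EKU (1.3.6.1.4.1.311.20.2.1), so replace those with the values you need. It does not add the certificate template name extension.

```csharp
// Added example (not from the thread). Subject names are constructed.
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ChainDemo
{
    // Assumption: EKU wanted on Cert1 (Certificate Request Agent); replace as needed.
    const string LeafEkuOid = "1.3.6.1.4.1.311.20.2.1";

    static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        using (RSA rootKey = RSA.Create(2048))
        using (RSA leafKey = RSA.Create(2048))
        {
            // Root: self-signed CA whose key may only sign certificates and CRLs.
            var rootReq = new CertificateRequest("CN=Demo Root CA", rootKey,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            rootReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
            rootReq.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign, true));
            rootReq.CertificateExtensions.Add(
                new X509SubjectKeyIdentifierExtension(rootReq.PublicKey, false));

            using (X509Certificate2 root = rootReq.CreateSelfSigned(now.AddDays(-1), now.AddYears(5)))
            {
                // Cert1: end-entity; extensions go on the request before the root signs it.
                var leafReq = new CertificateRequest("CN=Cert1", leafKey,
                    HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
                leafReq.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, true));
                leafReq.CertificateExtensions.Add(
                    new X509KeyUsageExtension(X509KeyUsageFlags.KeyEncipherment, true));
                leafReq.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                    new OidCollection { new Oid(LeafEkuOid) }, false));

                byte[] serial = new byte[16];
                using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(serial);
                serial[0] &= 0x7F; // keep the serial number positive

                // Create() signs with the root's private key; validity must nest inside the root's.
                using (X509Certificate2 signed = leafReq.Create(root, now, now.AddYears(1), serial))
                using (X509Certificate2 leaf = signed.CopyWithPrivateKey(leafKey))
                {
                    Console.WriteLine("Issuer == root subject: " + (leaf.Issuer == root.Subject));
                    foreach (X509Extension ext in leaf.Extensions) // extensions kept after signing
                        Console.WriteLine(ext.Oid.Value + " critical=" + ext.Critical);
                }
            }
        }
    }
}
```

The root's private key exists only in memory here; a root that has to outlive the process should be exported or stored with access restricted to the issuing account, because anyone holding that key can issue certificates that chain to it.
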