问题
We have a shrink wrap type Windows server application where we need to create a self signed certificate on the server to be used by some WCF web services. From our searches on the web, it appears that the makecert utility in the PlatformSDK from Microsoft cannot be distributed with our application, so we're looking for alternatives.
Does anyone know how to use OpenSSL to create a certificate and get it into the Windows LocalMachine certificate store? Or, alternatively is it straight forward to insert the certificate into the store in a .NET application and should we just create the certificate file with openssl? Any help/suggestions would be appreciated.
回答1:
[Unfortunately, I can't comment on anything yet, so I'll post this as an answer.]
I see that this post is a bit old, but I'm in a similar boat and I found this in the Visual Studio 2008 redist.txt file:
Windows SDK Files
Subject to the license terms for the software, the following files may be distributed unmodified:
MageUI.exe
Mage.exe
Makecert.exe
Not sure if something has changed (and if my interpretation is correct), but it looks like makecert.exe included as part of the Windows SDK, which is in-turn included as part of the VS2008 install can actually be redistributed.
回答2:
You can now Create Self Signed Certificates with PowerShell The commands you need are New-SelfSignedCertificate and Export-PfxCertificate. Ex: to create a certificate
New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname orin.windowsitpro.internal
to export it
Export-PfxCertificate -cert cert:\localMachine\my\CE0976529B02DE058C9CB2C0E64AD79DAFB18CF4 -FilePath e:\temp\cert.pfx -Password $pwd
This link is really helpful
https://www.itprotoday.com/powershell/creating-self-signed-certificates-powershell
回答3:
Woohoo! It's time for pinvoke for you
crypt32 provides a CertCreateSelfSignCertificate function; if that succeeds you can store it in the user's personal store (or the machine store assuming you're working elevated)
回答4:
I haven't used OpenSSL, but I'm in the same boat and have found this article helpful:
Securing WCF Services with Certificates
The author walks you through installing Microsoft Certificate Services, creating a CA that can be added to the trusted certificate authorities (on both client and server, since it's self signed), then generating client and server certificates that chain from the self-signed CA cert.
You won't need the client certs, but it does help you to create a self-signed CA and server cert.
回答5:
One alternative for programmatically generating certificates is Bouncy Castle's C#-version. http://www.bouncycastle.org/csharp/
来源:https://stackoverflow.com/questions/187588/self-signed-certificate-in-windows-without-makecert