I am using Windows 10. I don't have the makecert.exe, which I came to know when I tried to run commands to generate certificates like
makecert.exe
I get error :
'makecert' is not recognised as an internal or external command, operable program or batch file.
and I already installed windows SDK for windows 10.
On
This is how I installed the makecert.exe file
(Note: I Installed Windows 10 SDK first, but, this version does not install makecert.exe in the "bin" directory. No problem!)
On
I know it's too late now, but I solved this problem by installing an old Windows 10 SDK version:
On
i just download this file and move it to c:/winwdows/system32
then run my command like this in command prompt:
Makecert -r -pe -n CN="MycomputerCertificate" -b 01/01/2020 -e 12/22/2030 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
On
Currently makecert is depreciated, the new way with powershell 'New-SelfSignedCertificate' (as admin), for example:
1.- We create a new root trusted cert:
$rootCert = New-SelfSignedCertificate -Subject 'CN=TestRootCA,O=TestRootCA,OU=TestRootCA' -KeyExportPolicy Exportable -KeyUsage CertSign,CRLSign,DigitalSignature -KeyLength 2048 -KeyUsageProperty All -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256' -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider'
2.- We create the cert from the root trusted cert chain:
New-SelfSignedCertificate -DnsName "localhost" -FriendlyName "MyCert" -CertStoreLocation "cert:\LocalMachine\My" -Signer $rootCert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") -Provider "Microsoft Strong Cryptographic Provider" -HashAlgorithm "SHA256" -NotAfter (Get-Date).AddYears(10)
3.- We copy the thumbprint returned by the last command
4.- (If neccesary) We remove the last association ip/port/cert:
netsh http delete sslcert ipport=0.0.0.0:443
5.- We associate the new certificate with any ip and port 443 (the appid value does not matter, is any valid guid):
netsh http add sslcert ipport=0.0.0.0:443 appid='{214124cd-d05b-4309-9af9-9caa44b2b74a}' certhash=here_the_copied_thumbprint
6.- Now, you must open MMC (Certificates Local Computer) and drag and drop the 'TestRootCA' certificate from your 'Personal/Certificates' subfolder to 'Trusted Root Certification Authorities/Certificates' subfolder.
These commands also resolve the error ERR_CERT_WEAK_SIGNATURE_ALGORITHM returned later by Google Chrome because the certificate is created with SHA1 instead of SHA256
It may be installed but it's probably just not in the path.
For instance, I can find it under
C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64but I can also find another one underC:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86. Exact versions in the path will vary based on which exact version of the SDK you've installed.Neither of those paths are in my
PATHenvironment variable though (and I don't remember explicitly removing it after installing the SDK), so I can't just saymakecertat the command line, I have to give a full path to the one I want to run.A handy way to try to find where you have copies is the
wherecommand. Here I've limited my search to the SDKs directory but you can search your whole hard drive if you want: