How to: Create Your Own Test Certificate

Page 1 of 5

How to: Create Your Own Test Certificate

24 out of 34 rated this helpful
Retired Content
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using
these technologies.
This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist.
To create client business applications using current Microsoft technologies, see patterns & practices' Prism.
Although signing a deployment was made optional in the .NET Framework 3.5 SP1, it is still a best practice for security reasons.
To sign your deployment, you must have a code-signing certificate. You can either create your own test certificate or obtain a
certificate from a root certificate authority (CA)typically, a vendor or your server support team. When you have a certificate
from a CA, it displays the publisher in the installation dialogs, which makes your application appear more trustworthy. If you
use a test (self-created) certificate, the installation dialogs will display an "Unknown publisher" message. For applications
deployed internally in an organization, this is an acceptable practice.
To create a test certificate in Visual Studio
1. Open your main projects property pages and click the Signing tab.
2. Click Create Test Certificate.
Visual Studio will create the certificate, and add it to your project (the certificate will have a name similar to
MyApp_Temporary.pfx). Visual Studio will also add the certificate to the certificate store on your computer.
If you use this method on multiple applications, you will find that they all look the same in the certificate store on your
computer, as shown in Figure 1.

Figure 1
Certificate store

http://msdn.microsoft.com/en-us/library/ff699202.aspx

18/09/2014

How to: Create Your Own Test Certificate

Page 2 of 5

If you use Mage to redeploy an application, Mage will ask for the certificate when you sign the deployment. One option is to
browse to it in Windows Explorer, but this gets tiresome if you have to do it repeatedly. A second option is to select it from the
certificate store. However, if you have several with the same name, you will not know which one to select.
Rather than creating a test certificate with Visual Studio, you can create one using the tools that came with Visual Studio and
define the name yourself. Then you can use this same certificate to sign one or more deployments. If you use Mage to sign the
application, you can easily select your certificate from the certificate store on your computer rather than browsing to it.
Creating and naming a test certificate is optional, but it can make publishing and signing your deployments easier in the long
run. This section explains how to create the test certificate. The next section explains how to use the test certificate to sign your
deployment.
To create a test certificate
1. Find the Makecert.exe and Pvk2pfx.exe files.
If you are using Visual Studio 2010, the files are in the following folder:
C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\
If you are using Visual Studio 2008, the files are in the following folder:
C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin\
2. Copy the files to another folder, such as C:\MakeCert\, so that you can easily find them via a Command Prompt window.
3. Open a Command Prompt window and go to the folder.
4. You need to create a certificate and a private key file, and then convert those files into a .pfx file that can be used by
Visual Studio. Use the following command to create the certificate and the private key file:
makecert -sv yourprivatekeyfile.pvk -n "cert name" yourcertfile.cer -b mm/dd/yyyy -e mm/dd/yyyy -r
where:
-sv yourprivatekeyfile.pvk is the name of the file containing the private key.
-n "cert name" is the name that will appear on the certificate (and in the certificate store).
yourcertfile.cer is the name of the certificate file.
-b mm/dd/yyyy is the date when the certificate becomes valid.
-e mm/dd/yyyy is the date when the certificate expires.
-r indicates that this will be a self-signed certificate.
Figure 2 is an example of the command.

Figure 2

http://msdn.microsoft.com/en-us/library/ff699202.aspx

18/09/2014

How to: Create Your Own Test Certificate

Page 3 of 5

Making a certificate file

This example creates a certificate that is valid from 4/1/2010 through 4/1/2011. You can create one that lasts longer
than this, but it is not advisable because the certificate cannot be revoked. For more information about certificate
revocation, see Certificate Revocation and Status Checking on Microsoft TechNet.
5. After you enter the command, you will be prompted to set the password for the private key file, as shown in Figure 3.

Figure 3
Setting the password for the private key file
This step creates a .pvk file that contains the private key information.
6. You will be prompted to enter the password to sign the actual certificate (.cer) file, as shown in Figure 4.

Figure 4
Entering the password for the private key file
7. Next, you have to create the .pfx file that you will use to sign your deployments. Open a Command Prompt window, and
type the following command:
PVK2PFX pvk yourprivatekeyfile.pvk spc yourcertfile.cer pfx yourpfxfile.pfx po yourpfxpassword
where:

-pvk yourprivatekeyfile.pvk is the private key file that you created in step 4.
-spc yourcertfile.cer is the certificate file you created in step 4.
-pfx yourpfxfile.pfx is the name of the .pfx file that will be created.
-po yourpfxpassword is the password that you want to assign to the .pfx file. You will be prompted for this
password when you add the .pfx file to a project in Visual Studio for the first time.
Figure 5 illustrates the commands described in steps 4 and 7, and the resulting files. When you create the .pfx file, you
will be prompted again for the password to the private key file.

http://msdn.microsoft.com/en-us/library/ff699202.aspx

18/09/2014

How to: Create Your Own Test Certificate

Page 4 of 5

Figure 5
Making a .pfx file out of the certificate and private key files
Your .pfx file is now ready to use to sign your deployments. For procedures, see the section How to: Set the Basic
ClickOnce Publishing Properties.
8. In Windows Explorer, find the folder in which you created the .pfx file. Double-click the file. This will start the import
wizard. Accept the defaults and import your certificate into the store. It will be placed under Certificates Current User
in the Personal folder.
9. To access your certificate store, click the Start button, type certmgr.msc in the search box, and then press Enter. You
can see the SCSFTest example certificate in Figure 6.

Figure 6

http://msdn.microsoft.com/en-us/library/ff699202.aspx

18/09/2014

How to: Create Your Own Test Certificate

Page 5 of 5

SCSF Test certificate example in the certificate store

You will be able to retrieve the certificate from the store when you use the Mage tools.
Note:
You can also leave the certificate in the C:\MakeCert folder and retrieve it from there when you use either the Mage
tools or the Manifest Management Utility (MMU).

2014 Microsoft

http://msdn.microsoft.com/en-us/library/ff699202.aspx

18/09/2014