How to create a temporary X.509 certificate for message security

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Use the following steps to create a temporary X.509 certificate for message security:
  1. Create a Certificate to Act as Your Root Certificate Authority
     makecert -n "CN=RootCATest" -r -sv RootCATest.pvk RootCATest.cer
  2. Create a Certificate Revocation List File from the Root Certificate
     makecert -crl -n "CN=RootCATest" -r -sv RootCATest.pvk RootCATest.crl
  3. Install Your Root Certificate Authority on the Server and Client Machines
    1. Use MMC to install RootCATest.cer on the client and server machines in the Trusted Root Certification Authorities store
  4. Install the Certificate Revocation List File on the Server and Client Machines
    1. Use MMC to install RootCATest.crl on the client and server machines in the Trusted Root Certification Authorities store
  5. Create and Install Your Temporary Service Certificate
     makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=tempCert" -ic RootCATest.cer -sr localmachine -ss my -sky exchange -pe
  6. Give the WCF Process Identity Access to the Temporary Certificate’s Private Key
     FindPrivateKey.exe My LocalMachine -n "CN=tempCert"
     cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R

The value "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\4d657b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" should be the one returned by FindPrivateKey.exe.
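
A check to run after the last step, as an added example that is not part of the original guide: it reports whether the CN=tempCert certificate chains to CN=RootCATest with revocation checked against locally available CRLs, and whether NETWORK SERVICE has read access to the private key file. It assumes Windows PowerShell 5.1 in an elevated session; the function name Test-TempServiceCert is hypothetical.

```powershell
# Added example: verifies the outcome of the steps above. Subject, issuer and
# identity come from the page; the function name is hypothetical.
function Test-TempServiceCert {
    param(
        [string]$Subject  = 'CN=tempCert',
        [string]$Issuer   = 'CN=RootCATest',
        [string]$Identity = 'NT AUTHORITY\NETWORK SERVICE'
    )

    # The service certificate was created in LocalMachine\My (-sr localmachine -ss my).
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $Subject -and $_.Issuer -eq $Issuer } |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate $Subject issued by $Issuer in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) { throw "Certificate $($cert.Thumbprint) has no private key" }

    # Build the chain using only locally available data (installed root and CRL).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Offline'
    $chainOk = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    # makecert creates a CSP key; its unique container name is the file name
    # under MachineKeys, the same path FindPrivateKey.exe reports.
    $key = $cert.PrivateKey
    if (-not $key) { throw 'Private key is not accessible from this session' }
    $container = $key.CspKeyContainerInfo.UniqueKeyContainerName
    $keyFile = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) `
        "Microsoft\Crypto\RSA\MachineKeys\$container"

    # Look for an Allow rule for the identity that includes all Read bits.
    $read  = [int][System.Security.AccessControl.FileSystemRights]::Read
    $rules = (Get-Acl -Path $keyFile).Access | Where-Object {
        $_.IdentityReference.Value -eq $Identity -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $read) -eq $read
    }

    [pscustomobject]@{
        Thumbprint      = $cert.Thumbprint
        ChainValid      = $chainOk
        ChainStatus     = $status
        KeyFile         = $keyFile
        IdentityCanRead = [bool]$rules
    }
}

Test-TempServiceCert | Format-List
```

A `ChainValid` of `False` with a non-empty `ChainStatus` points to the root or CRL installation steps; an `IdentityCanRead` of `False` points to the cacls step.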

Last edited May 8, 2008 at 7:57 AM by prashantbansode, version 1
