RSS Feed (xml)

Create and Trust a Test Software Publisher Certificate C#

To create a test SPC for a software publisher named Allen Jones, first create an X.509 certificate using the Certificate Creation tool. The command makecert - n "CN=Allen Jones" -sk MyKeys TestCertificate.cer creates a file named TestCertificate.cer containing an X.509 certificate and stores the associated private key in a CSP key container named MyKeys (which is automatically created if it does not exist). Alternatively, you can write the private key to a file by substituting the -sk switch with -sv. For example, to write the private key to a file named PrivateKeys.pvk use the command makecert -n "CN=Allen Jones" -sv PrivateKey.pvk TestCertificate.cer. If you write your private key to a file, the Certificate Creation tool will prompt you (as shown in Figure 1.5) to provide a password with which to protect the private key file.

Certificate Creation tool requests a password when accessing file-based private keys.
The Certificate Creation tool supports many arguments, and Table 1.3 lists some of the more useful ones. You should consult the .NET Framework SDK documentation for full coverage of the Certificate Creation tool.

Table 1.3: Commonly Used Switches of the Certificate Creation Tool
Specifies the date when the certificate becomes invalid
Specifies the duration—in months—that the certificate remains valid
Specifies an X.500 name to associate with the certificate. This is the name of the software publisher that people will see when they view details of the SPC you create
Specifies the name of the CSP key store in which to store the private key
Specifies the name of the certificate store where the Certificate Creation tool should store the generated X.509 certificate
Specifies the name of the file in which to store the private key

Once you have created your X.509 certificate with the Certificate Creation tool, you need to convert it to an SPC with the Software Publisher Certificate Test tool (cert2spc.exe). To convert the certificate TestCertificate.cer to an SPC, use the command cert2spc TestCertificate.cer TestCertificate.spc. The Software Publisher Certificate Test tool doesn't offer any optional switches.
The final step before you can use your test SPC is to trust the root test CA, which is the default issuer of the test certificate. The Set Registry tool (setreg.exe) makes this a simple task with the command setreg 1 true. When you have finished using your test SPC, you must remove trust of the root test CA using the command setreg 1 false.

No comments:

Post a Comment

Archives In Web World

Fun Mail - Fun in the Mail