Digital Certificate Creator Tool

• Download source - 55.3 KB
• Download sample - 2.2 KB
• Download demo - 43 KB

Introduction

This is a custom developed tool for generating a digital certificate. This allows the user to select the root certificate details (PVK and CER files) to customize the validity period. The tool also allows to browse the store and view the properties of selected certificates and the context menu on these properties allows to copy any of them to the clipboard.

Using the Code

This tool can be fully customizable to create the digital certificates.

The current version accepts a couple of parameters including the root certificate details to create a new one.

The application will not be able to run without admin rights to the machine.  Once the application starts, the main window will appear which will allow you to set a couple of parameters. The current version has been customized for my use and you can add more options.

//
// Tool utilize .NET process functionality to execute the command to create certificate
//
Process p = new Process();
p.StartInfo.UseShellExecute = false;
// Redirect the output stream of the child process.
 p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.ErrorDialogParentHandle = this.Handle;
p.StartInfo.FileName = sCommand;
p.StartInfo.Arguments = sArguments + sbOutPutFile.ToString();
 p.StartInfo.CreateNoWindow = true;
 p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
 p.Start();

MakeCert syntax follows and the attached source code allows you to add/customize with any of the parameters.

Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Basic Options
 -sk  <keyName>      Subject's key container name; To be created if not present
 -pe                 Mark generated private key as exportable
 -ss  <store>        Subject's certificate store name that stores the output
                     certificate
 -sr  <location>     Subject's certificate store location.
                        <CurrentUser|LocalMachine>.  Default to 'CurrentUser'
 -#   <number>       Serial Number from 1 to 2^31-1.  Default to be unique
 -$   <authority>    The signing authority of the certificate
                        <individual|commercial>
 -n   <X509name>     Certificate subject X500 name (eg: CN=Fred Dews)
 -?                  Return a list of basic options
 -!                  Return a list of extended options

Extended Options
 -tbs <file>         Certificate or CRL file to be signed
 -sc  <file>         Subject's certificate file
 -sv  <pvkFile>      Subject's PVK file; To be created if not present
 -ic  <file>         Issuer's certificate file
 -ik  <keyName>      Issuer's key container name
 -iv  <pvkFile>      Issuer's PVK file
 -is  <store>        Issuer's certificate store name.
 -ir  <location>     Issuer's certificate store location
                        <CurrentUser|LocalMachine>.  Default to 'CurrentUser'
 -in  <name>         Issuer's certificate common name.(eg: Fred Dews)
 -a   <algorithm>    The signature algorithm
                        <md5|sha1|sha256|sha384|sha512>.  Default to 'sha1'
 -ip  <provider>     Issuer's CryptoAPI provider's name
 -iy  <type>         Issuer's CryptoAPI provider's type
 -sp  <provider>     Subject's CryptoAPI provider's name
 -sy  <type>         Subject's CryptoAPI provider's type
 -iky <keytype>      Issuer key type
                        <signature|exchange|<integer>>.
 -sky <keytype>      Subject key type
                        <signature|exchange|<integer>>.
 -l   <link>         Link to the policy information (such as a URL)
 -cy  <certType>     Certificate types
                        <end|authority>
 -b   <mm/dd/yyyy>   Start of the validity period; default to now.
 -m   <number>       The number of months for the cert validity period
 -e   <mm/dd/yyyy>   End of validity period; defaults to 2039
 -h   <number>       Max height of the tree below this cert
 -len <number>       Generated Key Length (Bits)
 -r                  Create a self signed certificate
 -nscp               Include Netscape client auth extension
 -crl                Generate a CRL instead of a certificate
 -eku <oid[<,oid>]>  Comma separated enhanced key usage OIDs
 -?                  Return a list of basic options
 -!                  Return a list of extended options

Please find below sample command for makecert:

makecert -sk ABCSIT -iv HCAWRoot.pvk -n "CN=ABCSIT"
-ic HCAWRoot.cer -sr localmachine -ss my -sky exchange –pe -e 03/21/2014

"View Certificate" button allows the user to select any certificate from the store and view the properties. This option also allows the user to export certificate to PIX format for clients usage.

//
//This section opens the certificate selection window (Screenshot given below)
//
X509Store store = new X509Store(CertStoreName, CertStoreLocation);
store.Open(OpenFlags.ReadOnly);
X509Certificate2Collection selectedCert = 
	X509Certificate2UI.SelectFromCollection(store.Certificates,
"Select Certificate", "
Select Certificate to view details", X509SelectionFlag.SingleSelection, this.Handle);

Once the user selects any of the available certificates, the below section of code displays the properties of the certificate.

//
//This section shows the certificate properties (Screenshot given below)
//
lblCertName.Text = Certificate.SubjectName.Name;
lblIssuer.Text = Certificate.IssuerName.Name;
lblSlNo.Text = Certificate.SerialNumber;
lblVersion.Text = Certificate.Version.ToString();
lblPrivateKey.Text = Certificate.HasPrivateKey.ToString();
lblSignAlgorithm.Text = Certificate.SignatureAlgorithm.FriendlyName;
lblThumbPrint.Text = Certificate.Thumbprint;
lblValidFrom.Text = Certificate.NotBefore.ToShortDateString();
lblValidTo.Text = Certificate.NotAfter.ToShortDateString();

View Certificate option open windows certificate viewer using the following code:

//
//This section open widows certificate viewer
//
X509Certificate2UI.DisplayCertificate(SelectedCert,this.Handle);

Export Certificate option allows the user to export the selected certificate from "PIX" format.

//
//This section shows the certificate properties (Screenshot given below)
//
X509Certificate2 x509 = SelectedCert;
if (x509 == null)
    return;
NativeMethods.CRYPTUI_WIZ_EXPORT_INFO exportInfo =
    new NativeMethods.CRYPTUI_WIZ_EXPORT_INFO();
exportInfo.dwSize = (uint)Marshal.SizeOf(
    typeof(NativeMethods.CRYPTUI_WIZ_EXPORT_INFO));
//exportInfo.pwszExportFileName = @"C:\Anoop\tt.pfx";
exportInfo.dwSubjectChoice =
    NativeMethods.CryptuiExportChoice.CRYPTUI_WIZ_EXPORT_CERT_CONTEXT;
exportInfo.pCertContext = x509.Handle;
exportInfo.cStores = 0;
IntPtr pExportInfo = Marshal.AllocHGlobal((int)exportInfo.dwSize);
Marshal.StructureToPtr(exportInfo, pExportInfo, false);
NativeMethods.CryptUIWizExport(0, IntPtr.Zero,
    "Export of Certificate", pExportInfo, IntPtr.Zero);

NativeMethods class helps to open the export wizard:

static internal class NativeMethods
{
    internal enum CryptuiExportChoice : uint
    {
        CRYPTUI_WIZ_EXPORT_CERT_CONTEXT = 1,
        CRYPTUI_WIZ_EXPORT_CTL_CONTEXT = 2,
        CRYPTUI_WIZ_EXPORT_CRL_CONTEXT = 3,
        CRYPTUI_WIZ_EXPORT_CERT_STORE = 4,
        CRYPTUI_WIZ_EXPORT_CERT_STORE_CERTIFICATES_ONLY = 5,
        CRYPTUI_WIZ_EXPORT_FORMAT_CRL = 6,
        CRYPTUI_WIZ_EXPORT_FORMAT_CTL = 7
    }
    [StructLayout(LayoutKind.Sequential)]
    internal struct CRYPTUI_WIZ_EXPORT_INFO
    {
        internal uint dwSize;
        internal string pwszExportFileName;
        internal CryptuiExportChoice dwSubjectChoice;
        internal IntPtr pCertContext;
        internal uint cStores;
        internal HCERTSTORE rghStores;
    };
    [DllImport("Cryptui.dll", CharSet = CharSet.Unicode,
                ExactSpelling = true, SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    internal static extern bool CryptUIWizExport(uint dwFlags,
        HWND hwndParent, string pwszWizardTitle,
        IntPtr pExportInfo, IntPtr pvoid);
}

Points of Interest

This tool require admin rights to the system.

The tool uses traditional "makecert" command to create the certificate.

History

• Version 1.0