I've not seen all of this pulled together in one place and on my current project, I have a need for solid SSL testing during dev so needed to nail this once and for all. I hope you find this useful!
To make a test CA (Certificate Authority), you can use the following command:
makecert -r -pe -n "CN=AdventureWorksTestCA" -sr CurrentUser -a sha1 -sky signature -cy authority -sv AdventureWorksTestCA.pvk AdventureWorksTestCA.cer
To make a test server authentication certificate:
makecert -pe -n "CN=AdventureWorksTestServer" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -ic AdventureWorksTestCA.cer -iv AdventureWorksTestCA.pvk -sv AdventureWorksTestServer.pvk AdventureWorksTestServer.cer
To make a test client authentication certificate:
makecert -pe -n "CN=AdventureWorksTestClient" -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.2 -ic AdventureWorksTestCA.cer -iv AdventureWorksTestCA.pvk -sv AdventureWorksTestClient.pvk AdventureWorksTestClient.cer
Then to export the PFX files for both certificates:
pvk2pfx -pvk AdventureWorksTestServer.pvk -spc AdventureWorksTestServer.cer -pfx AdventureWorksTestServer.pfx
pvk2pfx -pvk AdventureWorksTestClient.pvk -spc AdventureWorksTestClient.cer -pfx AdventureWorksTestClient.pfx
Now once you have your certificates created, you need to import them into your certificate store. Start with the CA certificate, double click the
.cer file and click on the [install certificate] button. Once the dialog box opens, make sure you import this certificate into the “Trusted Root Certification Authorities” store. This is critical to ensure the other certificates are correctly chained up to a trusted root.
Once this CA is installed, you can simply go through the same process with the client and server certificates and allow them to simply import into their default location (don’t manually specify the store during import). The client/server certs will import themselves into the Current User - Personal certificate store.
Now, you should be all set-up with a CA/Server/Client certs ready for dev work.