
certificates with SDK tools (makecert, pvk2pfx)

I need to make two certificates: a CA cert and a Server cert.

I use these commands.

makecert -r -pe -n "CN=CACert" -a sha1 -sky signature -cy authority -sv CACert.pvk CACert.cer

certutil -addstore Root TGCA.cer

makecert -pe -n "CN=ServerCert" -a sha1 -sky exchange -ic CACert.cer -iv CACert.pvk -sv ServerCert.pvk ServerCert.cer

pvk2pfx -pvk ServerCert.pvk -spc ServerCert.cer -pfx ServerCert.pfx

Then I import ServerCert.pfx into certificate storage.

Why do they not contain the private key in storage?

Viacheslav Gostiukhin asked Apr 24 '11 17:04


People also ask

Where to find Pvk2Pfx?

A 32-bit version of the Pvk2Pfx tool is located in the bin\x86 folder of the WDK. A 64-bit version of the tool is located in the bin\x64 folder of the WDK. For example, on an x64-based computer running Windows 10, the path is C:\Program Files (x86)\Windows Kits\10\bin\x64.

What is MakeCert?

MakeCert (Makecert.exe) is a command-line CryptoAPI tool that creates an X.509 certificate that is signed by a system test root key or by another specified key. The certificate binds a certificate name to the public part of the key pair. The certificate is saved to a file, a system certificate store, or both.


2 Answers

Why don't you try to generate pfx file by passing the private key password as an argument?

Try it this way

pvk2pfx -pvk ServerCert.pvk -spc ServerCert.cer -pfx ServerCert.pfx -pi password

As the documentation says:

/pi pvkpassword Specifies the password for the .pvk file.

Source: http://msdn.microsoft.com/en-us/library/windows/hardware/ff550672(v=vs.85).aspx

bruno.bologna answered Sep 24 '22 12:09


So, after a long dance with a tambourine, I found a solution. The problem was in the UI. My goal was to import the pfx to localmachine storage. It's impossible to do that by launching the pfx file from a folder.

When the pfx is imported without the pvk password, the internal private key is not imported. The password is not requested when importing to localmachine storage via MMC.

What I did:

  1. Import the pfx file from file explorer to CurrentUser "My" storage (entering the pvk password).
  2. Export the certificate from storage to a new pfx with a password.
  3. Import the new pfx to localmachine "My" storage with MMC.

I don't know other ways.

Viacheslav Gostiukhin answered Sep 23 '22 12:09
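
As an added example (not part of the original answers), the import into the LocalMachine "My" store can also be scripted from an elevated PowerShell session with the PKI module's Import-PfxCertificate, followed by a check that the private key actually arrived in the store. The file name and working directory are assumptions taken from the question, and the PFX is assumed to hold a single certificate, as pvk2pfx produces.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread.
# Assumption: ServerCert.pfx (built with pvk2pfx as in the question) is in
# the current directory and contains exactly one certificate.

$pfxPath  = Join-Path $PWD 'ServerCert.pfx'

# Prompt for the PFX password as a SecureString so it never appears on the
# command line or in the console history.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Import directly into LocalMachine\My. Without -Exportable the private key
# is stored as non-exportable, which is the safer default for a server key.
$cert = Import-PfxCertificate -FilePath $pfxPath `
                              -CertStoreLocation 'Cert:\LocalMachine\My' `
                              -Password $password

# Re-read the certificate from the store (not the object returned by the
# import) and fail loudly if the key did not come with it.
$stored = Get-Item -Path ('Cert:\LocalMachine\My\{0}' -f $cert.Thumbprint)
if (-not $stored.HasPrivateKey) {
    throw "Certificate '$($stored.Subject)' was imported without its private key."
}

# Confirm the issuer is the test CA from the question (CN=CACert).
'{0} issued by {1}, HasPrivateKey={2}' -f $stored.Subject, $stored.Issuer, $stored.HasPrivateKey

# certutil reads the LocalMachine store by default; its output includes the
# key container, the provider, and a key usability test for this certificate.
certutil -store My $stored.Thumbprint
```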