I've tried the below template which creates the certificate and installs it in the localmachine Personal certificate store:
makecert -sk <<UniqueKeyName>> -iv RootCATest.pvk -n "CN=<<MachineName>>" -ic RootCATest.cer -sr localmachine -ss my -sky exchange -pe
RootCATest.pvk is the private key of the root CA certificate. RootCATest.cer is the public key of the root CA certificate (used for issuing certificates).
When I view it from the MMC and right click on it, properties -> export, then its private key export option is grayed out.
How to create a Private-Key exportable self-signed certificate?
Just googled this and the most direct way is to use the "-pe" option for makecert.exe. Here is the documentation:
Certificate Creation Tool
If you wanted to spend a whole bunch of time on it and don't mind it being self-certified, I'd recommend using OpenSSL. There are only a few steps:
Download the source and build openssl.exe or get a pre-compiled copy (link).
Create a self-signed cert in PEM format. Open a DOS prompt in the folder containing openssl.exe and openssl.cnf. The command below creates one that's good for roughly 10 years:
openssl req -x509 -days 3650 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem -config ./openssl.cnf
Convert the PEM to a PFX:
openssl.exe pkcs12 -export -in mycert.pem -out mycert.pfx
Double-click the PFX to import it and be sure to check the "Mark this key as exportable" box on the same dialog where you enter the password for the PFX.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With