Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

makecert.exe missing in windows 10, how to get it and use it

I am using Windows 10. I don't have the makecert.exe, which I came to know when I tried to run commands to generate certificates like makecert.exe
I get error :

'makecert' is not recognised as an internal or external command, operable program or batch file.

and I already installed windows SDK for windows 10.

like image 967
Te7a Avatar asked Jul 19 '18 08:07

Te7a


3 Answers

It may be installed but it's probably just not in the path.

For instance, I can find it under C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64 but I can also find another one under C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86. Exact versions in the path will vary based on which exact version of the SDK you've installed.

Neither of those paths are in my PATH environment variable though (and I don't remember explicitly removing it after installing the SDK), so I can't just say makecert at the command line, I have to give a full path to the one I want to run.


A handy way to try to find where you have copies is the where command. Here I've limited my search to the SDKs directory but you can search your whole hard drive if you want:

C:\Users\Damien>where /R "C:\Program Files (x86)\Windows Kits" makecert.*
C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\arm64\makecert.exe
C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64\makecert.exe
C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\makecert.exe
like image 140
Damien_The_Unbeliever Avatar answered Oct 19 '22 18:10

Damien_The_Unbeliever


Currently makecert is depreciated, the new way with powershell 'New-SelfSignedCertificate' (as admin), for example:

1.- We create a new root trusted cert:
$rootCert = New-SelfSignedCertificate -Subject 'CN=TestRootCA,O=TestRootCA,OU=TestRootCA' -KeyExportPolicy Exportable -KeyUsage CertSign,CRLSign,DigitalSignature -KeyLength 2048 -KeyUsageProperty All -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256'  -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider'

2.- We create the cert from the root trusted cert chain:
New-SelfSignedCertificate -DnsName "localhost" -FriendlyName "MyCert" -CertStoreLocation "cert:\LocalMachine\My" -Signer $rootCert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") -Provider "Microsoft Strong Cryptographic Provider" -HashAlgorithm "SHA256" -NotAfter (Get-Date).AddYears(10)

3.- We copy the thumbprint returned by the last command

4.- (If neccesary) We remove the last association ip/port/cert:
netsh http delete sslcert ipport=0.0.0.0:443

5.- We associate the new certificate with any ip and port 443 (the appid value does not matter, is any valid guid):
netsh http add sslcert ipport=0.0.0.0:443 appid='{214124cd-d05b-4309-9af9-9caa44b2b74a}' certhash=here_the_copied_thumbprint

6.- Now, you must open MMC (Certificates Local Computer) and drag and drop the TestRootCA  Personal/Certificates folder to Trusted Root Certification Authorities/Certificates.

These commands also resolve the error ERR_CERT_WEAK_SIGNATURE_ALGORITHM returned later by Google Chrome because the certificate is created with SHA1 instead of SHA256

like image 9
beer73 Avatar answered Oct 19 '22 17:10

beer73


This is how I installed the makecert.exe file

(Note: I Installed Windows 10 SDK first, but, this version does not install makecert.exe in the "bin" directory. No problem!)

  1. Downloaded the Windows SDK version 7.1 ISO from https://www.microsoft.com/en-us/download/details.aspx?id=8279
  2. The name of the ISO I downloaded is GRMSDK_EN_DVD.iso
  3. Navigate to download directory and MOUNT this ISO (there is software that makes mounting in windows 7/10 easy)
  4. Once mounted, navigate to directory in ISO called "Setup\WinSDKTools" you will see two files in this directory. One is "WinSDKTools_x86.msi" and the other is "cab1.cab"
  5. Copy these two files to an empty directory on your hard drive
  6. From your hard drive go to the directory where you copied these files and right click on "WinSDKTools_x86.msi" then chose Install
  7. Look on your hard drive for a newly created directory at "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1\Bin"
  8. Makecert.exe should now be in this new directory along with some other applications and folders
  9. Profit?
like image 7
Seonji Avatar answered Oct 19 '22 17:10

Seonji