I am using Windows 10. I don't have the makecert.exe, which I came to know when I tried to run commands to generate certificates like
makecert.exe
I get error :
'makecert' is not recognised as an internal or external command, operable program or batch file.
and I already installed windows SDK for windows 10.
It may be installed but it's probably just not in the path.
For instance, I can find it under C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64
but I can also find another one under C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86
. Exact versions in the path will vary based on which exact version of the SDK you've installed.
Neither of those paths are in my PATH
environment variable though (and I don't remember explicitly removing it after installing the SDK), so I can't just say makecert
at the command line, I have to give a full path to the one I want to run.
A handy way to try to find where you have copies is the where
command. Here I've limited my search to the SDKs directory but you can search your whole hard drive if you want:
C:\Users\Damien>where /R "C:\Program Files (x86)\Windows Kits" makecert.*
C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\arm64\makecert.exe
C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x64\makecert.exe
C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86\makecert.exe
Currently makecert is depreciated, the new way with powershell 'New-SelfSignedCertificate' (as admin), for example:
1.- We create a new root trusted cert:
$rootCert = New-SelfSignedCertificate -Subject 'CN=TestRootCA,O=TestRootCA,OU=TestRootCA' -KeyExportPolicy Exportable -KeyUsage CertSign,CRLSign,DigitalSignature -KeyLength 2048 -KeyUsageProperty All -KeyAlgorithm 'RSA' -HashAlgorithm 'SHA256' -Provider 'Microsoft Enhanced RSA and AES Cryptographic Provider'
2.- We create the cert from the root trusted cert chain:
New-SelfSignedCertificate -DnsName "localhost" -FriendlyName "MyCert" -CertStoreLocation "cert:\LocalMachine\My" -Signer $rootCert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1") -Provider "Microsoft Strong Cryptographic Provider" -HashAlgorithm "SHA256" -NotAfter (Get-Date).AddYears(10)
3.- We copy the thumbprint returned by the last command
4.- (If neccesary) We remove the last association ip/port/cert:
netsh http delete sslcert ipport=0.0.0.0:443
5.- We associate the new certificate with any ip and port 443 (the appid value does not matter, is any valid guid):
netsh http add sslcert ipport=0.0.0.0:443 appid='{214124cd-d05b-4309-9af9-9caa44b2b74a}' certhash=here_the_copied_thumbprint
6.- Now, you must open MMC (Certificates Local Computer) and drag and drop the TestRootCA Personal/Certificates folder to Trusted Root Certification Authorities/Certificates.
These commands also resolve the error ERR_CERT_WEAK_SIGNATURE_ALGORITHM returned later by Google Chrome because the certificate is created with SHA1 instead of SHA256
This is how I installed the makecert.exe file
(Note: I Installed Windows 10 SDK first, but, this version does not install makecert.exe in the "bin" directory. No problem!)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With