While this isn’t new, I needed a new home for it since my old Pluralsight blog is gone now. Hopefully you’ll find it helpful!
It’s a bit of a pain to create self-signed certs using MAKECERT. So here’s a GUI-based tool that uses a combination of the .NET Framework and the CryptoAPI to create self-signed X.509 certificates. And it’s factored so that you can use the underlying library standalone – you can easily create certs programmatically now.
Here’s the GUI:
The GUI has some nifty features: you can create a PFX file directly, or you can save directly to a cert store of your choice. When you save to a cert store, an extra dialog pops up showing you where the private key file resides, so that you can adjust the ACL accordingly. I’ve got a “view private key” feature that launches explorer with the /select argument, taking you to the private key file so that you can set the ACL on it. Anyway, this extra dialog gives you some quick info you typically want, like the thumbprint. And there are buttons for browsing the cert store and viewing the certificate as well from here.
The GUI gens the RSA key pair on a background thread, so a) the app doesn’t lock up on you, and b) if you get tired of waiting for the key to gen, you can cancel easily enough 
Here’s some code that does this programmatically by calling the Pluralsight.Crypto library that is underneath all of this. Those of you who are familiar with the CryptoAPI will recognize the key abstraction here, CryptContext.
static void GenSelfSignedCert()
{
using (CryptContext ctx = new CryptContext())
{
ctx.Open();
X509Certificate2 cert = ctx.CreateSelfSignedCertificate(
new SelfSignedCertProperties
{
IsPrivateKeyExportable = true,
KeyBitLength = 4096,
Name = new X500DistinguishedName("cn=localhost"),
ValidFrom = DateTime.Today.AddDays(-1),
ValidTo = DateTime.Today.AddYears(1),
});
X509Certificate2UI.DisplayCertificate(cert);
}
}
Make sure you’ve got the Microsoft .NET Framework 3.5 installed. Self-Cert relies on it.
Download the project here, which includes binaries and sources. Feel free to use Pluralsight.Crypto in your own projects if you find it useful. Enjoy!
Brilliant, just what I needed. Thanks Keith.
Thanks Keith. It’s very easy to use and helpful for me.
Hi,
Pretty useful tool. Is there any Pluralsight course that explains about x 509 certificates and discusses the various options within them?I have been looking for such a tutorial for a long time now.
We do have a tutorial by Paul Lemmers that talks about them, but doesn’t get into too much depth. You can see the outline here: http://www.pluralsight-training.net/microsoft/courses/TableOfContents?courseName=iis-certificates
Very nice tool. With source code it’s awesome! Thanks.
BTW I have a question. Did you know how to set the friendly name property in the self signed certified? I realized that in IIS, the generated certified doesn’t have one.
Not sure – I’ve never tried setting it personally. Maybe this would help: http://bit.ly/JSgMbA
Pingback: What tools can I use to generate X.509 certificates? | PHP Developer Resource
hey thanks for the source code,
The Only problem i have in the code is there is no Comments so it’s very hard to understand how the self signed certificate is created…
I apologize for the lack of comments. I hope the code is intent-revealing enough to figure things out!
Pingback: Cert issue setting up WCF in IIS | Jisku.com - Developers Network
I cant access the link of project. Can I create X509 certificates thru above code?
The link seems to be working for me. Maybe you have a corp firewall blocking access to amazonaws.com?
And yes, this project does allow you to programmatically create self-signed certs.
Pingback: WCF Service with message based security validating against AspNet Membership Provider « Shawson's Code Blog
Pingback: Servicio WCF expuesto con REST y SOAP « Jameson López .NET
Genius. honestely.
Sorry but when i try to assign the .pfx file to “Sign the assembly” option, it pops up password dialog box and i have not choosen to enter password while creating .pfx. what is going wrong here?
Giving following Error, while i try to publish 1 Cannot import the following key file: April.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the following key container name: VS_KEY_020C12985435E179
How to add Extensions from this. I tried extensions but it is not adding and showing in certificcate store
This is helped me a lot. Appreciated you effort to provide this short instructions.
hi
need to create ssl certificate with multiple purpose (client authentication && server authentication).Is it possible.
Hi,
let me first thank you, i guess this is what i am searching for since a while, i’m coding my first TCP client for training purposes , in VB2010 with .Net4, and was wondering from where to get these stuff , what are they and so on…i am using SslStream , is that helping to set client certificates to connect with a certified server ?
great work , thank you
It’s been quite awhile since I’ve used it, but as I recall, SslStream is a great way to secure a TCP connection, and SelfCert should help you create a certificate that you can use with that type of solution. Good luck!
Pingback: Integrating your windows store app with https nodejs web service | Building Apps @ Program Thee world
Thanks for the tool. It must have saved me couple of hours to generate a self signed certificate for localhost. In https client/server scenario, the localhost certificate needs to be imported in trusted cas on the client machine for the scenario to work.