MakeCert Tool
The makecert.exe utility creates X.509 certificates for testing and development. It is included with the Windows SDK and is commonly used to generate self‑signed certificates for code signing, SSL testing, and more.
Syntax Overview
makecert [-r] [-pe] [-n "CN=<Common Name>"] [-b <BeginDate>] [-e <EndDate>]
[-sky <KeySpec>] [-sr <StoreName>] [-ss <StoreLocation>]
[-a <Algorithm>] [-len <KeyLength>] [-eku <EnhancedKeyUsageOID>]
[-sp <Provider>] [-sy <ProviderType>] [-sv <PFXFile>] <CertFile>Key options you’ll use most often:
-r– Create a self‑signed certificate.-pe– Mark the private key as exportable.-n "CN=Name"– Set the subject common name.-b/-e– Certificate validity period.-a– Hash algorithm (SHA1, SHA256, SHA384, SHA512).-len– Key length in bits (default 2048).-sv– Create a PFX file containing both cert and private key.
Example: Create a self‑signed certificate for a development server
makecert -r -pe -n "CN=dev.mycompany.local" -b 01/01/2025 -e 01/01/2035 ^
-a sha256 -len 4096 -sv devCert.pfx devCert.cer
This command creates a 4096‑bit RSA certificate valid for 10 years, stores the private key in devCert.pfx, and outputs the public certificate to devCert.cer.
Download MakeCert
MakeCert is part of the Windows SDK. Choose the appropriate SDK version for your development environment and install the Tools component.