Overview
MakeCert is a command‑line utility used to create self‑signed X.509 certificates for development and testing. It is part of the Windows SDK and can generate certificates with custom extensions, key lengths, and validity periods.
Download
Syntax
makecert [-r] [-a algorithm] [-b date] [-e date] [-n "CN=name"] [-ss store] [-sr location] [-sk keyname] [-sp provider] [-sy provider_type] [-len keylength] [-sky keytype] [-sv filename] [-sv filename.pvk] [-iv filename] [-ic filename] [-ir location] [-is store] [-sr location] [-sky keytype] [options] outputcert.cerCommon Parameters
| Parameter | Description |
|---|---|
| -r | Creates a self‑signed certificate. |
| -a algorithm | Hash algorithm (SHA1, SHA256, SHA384, SHA512). Default is SHA1. |
| -b date | Start date (MM/DD/YYYY). Defaults to today. |
| -e date | Expiration date (MM/DD/YYYY). |
| -n "CN=name" | Subject name. Example: "CN=MyTestCert". |
| -ss store | Certificate store name (e.g., My, Root). |
| -sr location | Store location: CurrentUser or LocalMachine. |
| -sk keyname | Key container name. |
| -sp provider | Crypto provider name (default: "Microsoft RSA SChannel Cryptographic Provider"). |
| -sy provider_type | Provider type (e.g., 12 for RSA). |
| -len keylength | Key length in bits (default 2048). |
| -sky keytype | Key type: exchange or signature. |
| -sv pvkfile | Exports the private key to a .pvk file. |
| -iv pfxfile | Imports a .pvk file when creating a .pfx. |
Examples
1. Create a self‑signed certificate for localhost
makecert -r -pe -n "CN=localhost" -b 01/01/2025 -e 01/01/2035 -sky exchange -ss My -len 2048 localhost.cer2. Create a certificate with a private key (.pvk) and export to .pfx
makecert -r -pe -n "CN=MyApp" -ss My -len 4096 -sv myapp.pvk myapp.cer
pvk2pfx -pvk myapp.pvk -spc myapp.cer -pfx myapp.pfx