The preparatory work
1. Install/Visual Studio (visualstudio.microsoft.com/zh-hans/vs/)
Create a self-signed digital certificate in the system
- Open the VS command line tool
2. Run the makecert command
makecert -r -pe -n "CN=LION CA" -$ commercial -a sha1 -b 01/01/2020 -e 01/01/2100 -cy authority -ss root -sr currentuser
-r Creates a self-signed certificate.
– PE Marks the private key as exportable.
-n Name Indicates the name of the issuer certificate. The name must comply with the X.500 standard. The simplest method is to use the “CN = MyName” format. For example, -n CN = Test.
-$Ca Type of a certification body. CertificateAuthority must be set either commercial (for certificates to be used by commercial software publishers) or individual (for certificates to be used by various software publishers).
-a An algorithm Hash algorithm. The value must be SHA-1 or MD5 (MD5 is the default).
-b Date Indicates the date when the certificate first takes effect. The default value is the time when the certificate is created. The DateStart format is MM/DD/YYYY.
-e Date End Date when the validity period ends. The default value is 2039.
-cy Certificate type Indicates the certificate type. CertificateTypes can end authoritative authentication of end entities or authority authorities.
-ss Specifies the name of the subject certificate repository in which the generated certificate will be stored.
– Registry location of the sr subject’s certificate library. It must be LocalMachine (registry key HKEY_LOCAL_MACHINE) or CurrentUser (registry key HKEY_CURRENT_USER) (the default is CurrentUser).
3. Click “Yes” in the pop-up dialog box
4. Succeeded is displayed on the command line.
Export self-signed digital certificates to PFX format with password (including private key)
1. Press the Windows+R combination key, enter certmgr. MSC, and click OK.
2. Click “Trusted Root Certification Authorities” – “Certificates” to find “LION CA”
3. Export the LION CA certificate in PFX format (including the private key). Right-click LION CA and click All Tasks to Export
Click Next as shown below
Select export private key and click Next
Select use password, input PFX certificate file access password (remember this password), change the encryption mode to AES-256, click “Next”
Click “Browse” to select the save location and click “Next”
Click Finish to export the certificate successfully