Creating an X509 test certificate FAST!

I was playing around with WS-Security and needed a X509 certificate to test my service but I didn’t want to go through the hassle of installing that dreaded Microsoft Certificate Services and use that to create a new certificate for my needs. With Visual Studio comes a tool called makecert.exe just for the purpose of creating a quick test certificate.

I read the command line help and used all the appropriate command line switches but was unable to produce a working certificate. After some searching on the web I found a little note of Christian d’Heureuse on How to use makecert.exe to create a self-signed test certificate that can be used with IIS for SSL. It seems that makecert will not make the private key exportable as I had expected. Instead you must use an extra command line switch -pe to be able to export the private key with the certificate. This command line switch is not supported by the version of makecert that is installed with Visual Studio. You need a new version of makecert.exe that can be downloaded from Microsoft.

I want to thank Christian for pointing this out on his website, else I would never have known that a new version of makecert was the difference between success and failure when it comes to creating a quick test certificate.