0

I used to create self signed certificates using makecert like so

makecert.exe 
    -iv fooCA.pvk
    -ic fooCA.cer
    -n "CN=Username"
    -pe 
    -sv username.pvk 
    -a sha1 
    -len 2048 
    -b 08/07/2014 
    -e 08/07/2024 
    -sky exchange username.cer 
    -eku 1.3.6.1.5.5.7.3.2

Now using Windows 10 I can't use MakeCert anymore, I'm trying to use the New-SelfSignedCertificate script to achieve the same. Here's what I've tried so far.

New-SelfSignedCertificate
-Subject "CN=Username" 
-KeyExportPolicy Exportable 
-Container "Username.pvk" 
-KeyAlgorithm sha1 
-KeyLength 2048 
-NotBefore 08/07/2014 
-NotAfter 08/07/2024 -KeySpec KeyExchange 
-TextExtension @("1.3.6.1.5.5.7.3.2")

What parameters should I use to mirror the -iv and -ic from MakeCert?

I also suspect that my Subject is incorrect or that I need add an alternative subject in the TextExtension as I currently get a Missing Subject Information Error.

ThrowingSpoon
  • 103
  • 1
  • 5

2 Answers2

1

a little late to the game - but found that you need to prefix the values in TextExtension with 2.5.29.37={text}

so in your case it would probably look something like this: 

-TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

Search for "Enhanced Key Usage" on this page: https://docs.microsoft.com/en-us/powershell/module/pkiclient/new-selfsignedcertificate?view=win10-ps#examples

Dennis
  • 11
  • 3
0

I have Windows 10 and makecert.exe is in "c:\Program Files (x86)\Windows Kits\10\bin\x64" . You can download the SDK from https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk .

Mer
  • 991
  • 4
  • 9