8

I need to make two certificates: CA sert and Server cert.

I use this commands.

makecert -r -pe -n "CN=CACert" -a sha1 -sky signature -cy authority -sv CACert.pvk CACert.cer

certutil -addstore Root TGCA.cer

makecert -pe -n "CN=ServerCert" -a sha1 -sky exchange -ic CACert.cer -iv CACert.pvk -sv ServerCert.pvk ServerCert.cer

pvk2pfx -pvk ServerCert.pvk -spc ServerCert.cer -pfx ServerCert.pfx

Then I import ServerCert.pfx to certificate storage.

Why they do not contain private key in storage?

Viacheslav Gostiukhin
  • 301
  • 1
  • 3
  • 15

2 Answers2

14

Why don't you try to generate pfx file by passing the private key password as an argument?

Try it this way

pvk2pfx -pvk ServerCert.pvk -spc ServerCert.cer -pfx ServerCert.pfx -pi password

As the documentation says:

/pi pvkpassword Specifies the password for the .pvk file.

Source: http://msdn.microsoft.com/en-us/library/windows/hardware/ff550672(v=vs.85).aspx

bruno.bologna
  • 475
  • 4
  • 14
  • 1
    For the benefit of searchers, the pvk2pfx tool is somewhere like C:\Program Files (x86)\Windows Kits\8.1\bin\x86 – JsAndDotNet Jun 16 '17 at 15:29
1

So, after a long dance with a tambourine I found a solution. Problem was in UI. My goal was to import pfx to localmachine storage. It's impossible to do by starting pxf file from folder.

When pxf imports wihout pvk pass, the internal private key do not imports. Password do not requests when importing to localmachine storage by MMC.

What I made:

  1. Import pxf-file from file explorer to CurrentUser "My" strorage (entering pvk password).
  2. Export certificate from storage to new pxf with password.
  3. Import new pxf to localmachine "My" storage with MMC.

I don't know other ways.

Viacheslav Gostiukhin
  • 301
  • 1
  • 3
  • 15