
How to: Create your own signed certificates

Index

  • Prerequisites
  • Source Material
  • CA Creation
  • Service Certificate Creation
  • Certificate Permissions
  • Client Certificate deployment
  • Config file examples

Intro

This post walks through the steps needed to create and use your own SSL certificate.

Prerequisites

VS 2013 cmd prompt
FindPrivateKey (http://blog.rhysgoodwin.com/windows-admin/findprivatekey-exe-pre-compiled/)

Source Material

Create Development Certificate Authority and Certificate (https://msdn.microsoft.com/en-gb/library/ff647171.aspx)
How to: Use Certificate Authentication and Message Security in WCF Calling from Windows Forms (https://msdn.microsoft.com/en-us/library/ff648360.aspx)

CA Creation

  • makecert -n "CN=RootCATestMWM" -r -sv RootCATestMWM.pvk RootCATestMWM.cer
  • Install RootCATestMWM.cer into Computer Certificates under Trusted Root Certification Authorities
  • makecert -crl -n "CN=RootCATestMWM" -r -sv RootCATestMWM.pvk RootCATestMWM.crl
  • Install RootCATestMWM.crl into Computer Certificates under Trusted Root Certification Authorities

Service Certificate Creation

makecert -sk MWMWCFkey -iv RootCATestMWM.pvk -n "CN=MWMWCF" -ic RootCATestMWM.cer -sr localmachine -ss my -sky exchange -pe

Certificate Permissions

  • FindPrivateKey.exe My localmachine -n "CN=MWMWCF"
  • View permissions (swap out the private key file and folder as necessary):
  • cacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9a4xx8832dca5a244d3f9_a8ab4228-7aa5-413e-xxxx-1a5f48e30d15
  • Edit permissions (swap out the private key file and folder as necessary):
  • cacls C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\9ax5fe8832dca5a244d3f9_a8ab4228-7aa5-413e-be66-1a5f48e30d15 /E /G "NT AUTHORITY\NETWORK SERVICE":R
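
The same lookup and read grant done in PowerShell, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 running elevated and a CSP-backed RSA key (which is what makecert creates); the variable names are illustrative.

```powershell
# Added example: find the private key file for CN=MWMWCF and grant read access.
# Assumptions: Windows PowerShell 5.1, elevated prompt, CSP-backed RSA key.
$subject = 'CN=MWMWCF'
$account = 'NT AUTHORITY\NETWORK SERVICE'
$keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

# Refuse to guess when the store holds zero or several certificates with this subject.
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $subject })
if ($certs.Count -ne 1) {
    throw "Expected exactly one certificate with subject $subject, found $($certs.Count)."
}
$cert = $certs[0]
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key in this store."
}

# UniqueKeyContainerName is the file name under MachineKeys (what FindPrivateKey reports).
$keyFile = Join-Path $keyDir $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if (-not (Test-Path -LiteralPath $keyFile)) {
    throw "Key file not found: $keyFile"
}

# View permissions (the equivalent of running cacls with no switches).
$acl = Get-Acl -LiteralPath $keyFile
$acl.Access | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Grant read only if the account lacks it (the equivalent of cacls /E /G ...:R).
$read = [System.Security.AccessControl.FileSystemRights]::Read
$hasRead = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}
if (-not $hasRead) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
}
```

The subject-count check matters here because the client deployment step below can also place a CN=MWMWCF certificate in the LocalMachine store.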

Client Certificate deployment

Copy the root CA certificate (RootCATest.cer) and private key file (RootCATest.pvk) to the client machine.
makecert -sk MWMWCFKey -iv RootCATestMWM.pvk -n "CN=MWMWCFClient" -ic RootCATestMWM.cer -sr CurrentUser -ss my -sky signature -pe MWMWCFClient.cer

makecert -sk MWMWCFKey -iv RootCATestMWM.pvk -n "CN=MWMWCF" -ic RootCATestMWM.cer -sr LocalMachine -ss my -sky signature -pe MWMWCFClient.cer


WCF URL ACL Grant Permissions

netsh http add urlacl url=http://+:PortNumber/MyService user="NT AUTHORITY\NETWORK SERVICE"

Config file examples

WCF Service config Example



WCF Client Config Example


That's all for today. I hope this post gives you clarity on how to create your own certificates and start securing your applications.
