In my last post I described how to do client-authenticated TLS, and one of the magic ingredients there was a certificate with the private key in the form of
Server and client certificates are essentially the same, but I’ll show how to create both anyhow. For this I will assume that your Windows SDK files are in
C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\ and that we are storing files in the root of drive D:
> cd "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\"
> makecert -n "CN=MyServer" -r -sv D:\server.pvk D:\server.cer
> makecert -n "CN=MyClient" -pe -r -sv D:\client.pvk D:\client.cer
> pvk2pfx -pvk D:\server.pvk -spc D:\server.cer -pfx D:\server.pfx
> pvk2pfx -pvk D:\client.pvk -spc D:\client.cer -pfx D:\client.pfx
> DEL D:\client.cer D:\client.pvk D:\server.cer D:\server.pvk
This results in the
client.pfx files. We can opt to import them into the Windows Certificate Store (also possible with the makecert command) or use them directly, as in this example.
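
A quick check of the resulting files, added here as an example and not part of the original post: it loads each PFX and confirms that it carries a private key and the expected self-signed subject, and it reports key size, signature algorithm and expiry so weak defaults are easy to spot. The function name Test-TlsPfx and the empty PFX password are assumptions; the paths and subject names are the ones used in the commands above.

```powershell
# Added example: sanity-check the PFX files before using them for TLS.
# Assumption: the PFX files have an empty password; pass -Password otherwise.
function Test-TlsPfx {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSubject,
        [securestring] $Password = (New-Object securestring)
    )

    $type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    $cert = New-Object $type -ArgumentList $Path, $Password
    try {
        [pscustomobject]@{
            Path               = $Path
            # -ceq: case-sensitive comparison of the distinguished name
            SubjectOk          = ($cert.Subject -ceq $ExpectedSubject)
            # makecert -r creates a self-signed certificate: subject equals issuer
            SelfSigned         = ($cert.Subject -ceq $cert.Issuer)
            # Without the private key the file is useless for TLS authentication
            HasPrivateKey      = $cert.HasPrivateKey
            # Reported for review: key length and hash algorithm chosen by the tool
            KeySize            = $cert.PublicKey.Key.KeySize
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            NotAfter           = $cert.NotAfter
            Thumbprint         = $cert.Thumbprint
        }
    }
    finally {
        # Release the certificate and its key handle
        $cert.Reset()
    }
}

$results = @(
    Test-TlsPfx -Path 'D:\server.pfx' -ExpectedSubject 'CN=MyServer'
    Test-TlsPfx -Path 'D:\client.pfx' -ExpectedSubject 'CN=MyClient'
)
$results | Format-List

# Fail loudly if a file is missing its key or is not the certificate we expect
$bad = $results | Where-Object {
    -not ($_.HasPrivateKey -and $_.SubjectOk -and $_.SelfSigned)
}
if ($bad) { throw "PFX check failed for: $($bad.Path -join ', ')" }
```

The thumbprints it prints are the values to pin if the other side of the connection validates the peer certificate by thumbprint.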