In my last post I described how to do the client-authenticated TLS and one of magic ingredients there was a certificate with the private key in the form of .pfx files.
Server and client certificates are essentially the same but I'll show creating of both anyhow. For this I will assume that your Windows SDK files are in the C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\ and that we are storing files in the root of the drive D:
> cd "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\"
> makecert -n "CN=MyServer" -r -sv D:\server.pvk D:\server.cer
Succeeded
> makecert -n "CN=MyClient" -pe -r -sv D:\client.pvk D:\client.cer
Succeeded
> pvk2pfx -pvk D:\server.pvk -spc D:\server.cer -pfx D:\server.pfx
> pvk2pfx -pvk D:\client.pvk -spc D:\client.cer -pfx D:\client.pfx
> DEL D:\client.cer D:\client.pvk D:\server.cer D:\server.pvkThis results in the server.pfx and client.pfx files. We can opt to import them into the Windows Certificate Store (also possible with makecert command) or to use them directly as in this example.