5
votes

Is there a way to create a self-signed certificate in IIS on Windows 2012 R2 using the command prompt? I went through many documents; everywhere there is a tutorial using Windows PowerShell but not using the command prompt. I do not have the makecert utility installed on my system. Is there any other command or utility? I saw a selfssl utility, but I am not sure whether it will work on a Windows 2012 R2 server.

2
There are no built-in tools, as Microsoft and other vendors extensively move away from cmd to PowerShell. And why can't you use PowerShell? Any stopping reason? - Crypt32
No specific reason, I just want to explore other options. I installed the Windows SDK, which provided me makecert.exe, using which I can create a self-signed certificate. But can anyone tell me what the minimum required parameters are to create one using makecert, and also, once it completes and displays succeeded, where can I look for my certificate in my system? - Rahul

2 Answers

3
votes

Try the certreq tool. The data are given in the form of an inf file. The aforementioned link contains information about the file structure. This link contains an example inf file for an SSL certificate (could be of more help).

Then run

certreq -new your_inf_file.inf generated_req.req

As a side effect it will generate a self signed certificate in Certificate Enrollment Requests in the store you specified in the inf file. Just move the certificate to My store and also (because it is self signed) to Trusted Root Certification Authorities.

You can also use xca. It is a nice utility built on openssl which lets you create any certificates (self signed or any chain of CAs) and it is easy to use.

2
votes

I wouldn't bother with makecert as it is deprecated. Instead, I would suggest you use PowerShell as it is the mainstream administration tool in Windows Server. Windows Server 2012 has a built-in cmdlet to generate self-signed certificates: https://technet.microsoft.com/en-us/library/hh848633(v=wps.630).aspx

When Microsoft deprecated the makecert tool, they enhanced the certreq cmdline tool with the ability to generate self-signed certificates, though with an overhead: http://blogs.technet.com/b/askds/archive/2012/08/14/rsa-key-blocking-is-here.aspx
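Added example, not part of either answer: a cmd.exe batch file that writes an inf file and runs the certreq tool both answers mention. It assumes `RequestType = Cert`, so certreq issues the self-signed certificate directly instead of producing a request; the host name www.example.test and the file names under %TEMP% are placeholders.

```bat
@echo off
rem Added example: create a self-signed TLS server certificate from cmd.exe.
rem Run from an elevated prompt: MachineKeySet = TRUE uses the machine store.
rem www.example.test and the file names below are placeholders.
setlocal
set "INF=%TEMP%\selfsigned.inf"
set "CER=%TEMP%\selfsigned.cer"

rem Write the inf file line by line. The redirection is placed first so that
rem values ending in a digit are not parsed as a handle number.
> "%INF%" echo [Version]
>>"%INF%" echo Signature="$Windows NT$"
>>"%INF%" echo [NewRequest]
>>"%INF%" echo Subject = "CN=www.example.test"
>>"%INF%" echo RequestType = Cert
>>"%INF%" echo KeySpec = 1
>>"%INF%" echo KeyLength = 2048
>>"%INF%" echo KeyUsage = 0xa0
>>"%INF%" echo HashAlgorithm = sha256
>>"%INF%" echo MachineKeySet = TRUE
>>"%INF%" echo Exportable = FALSE
>>"%INF%" echo ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
>>"%INF%" echo ProviderType = 12
>>"%INF%" echo ValidityPeriod = Years
>>"%INF%" echo ValidityPeriodUnits = 1
>>"%INF%" echo [EnhancedKeyUsageExtension]
>>"%INF%" echo OID=1.3.6.1.5.5.7.3.1
>>"%INF%" echo [Extensions]
>>"%INF%" echo 2.5.29.17 = "{text}"
>>"%INF%" echo _continue_ = "dns=www.example.test&"

rem With RequestType = Cert, certreq creates the certificate, installs it with
rem its private key in the machine's My (Personal) store, and writes the
rem public certificate to the output file.
certreq -new "%INF%" "%CER%"
if errorlevel 1 exit /b 1

rem Confirm the certificate is in the My store (matched on the subject name).
certutil -store My "www.example.test"

rem As the first answer notes, a self-signed certificate is only trusted once
rem it is also in Trusted Root Certification Authorities. Do this only on
rem machines that are meant to trust this one certificate:
rem   certutil -addstore Root "%CER%"
endlocal
```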