Wednesday, October 3, 2007

How to Create a Test Code Signing Certificate

I recently needed a code signing certificate to test with signtool.exe. Creating test certificates is a bit of nightmare because the required command line utilities are reasonably complicated. I hope this will save you some time.

makecert.exe -r -n "CN=Sign Test" -eku 1.3.6.1.5.5.7.3.3 -b 01/01/2005 -e 01/01/2020 -sv signcert.pvk signcert.cer
cert2spc.exe signcert.cer signcert.spc
pvk2pfx.exe -pvk signcert.pvk -pi pwd -spc signcert.spc -pfx signcert.pfx -f

The required command line utilities are included in the Windows Vista SDK. You can use the resulting PFX file to sign any DLL or EXE:

signtool.exe sign /f signcert.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll /v app.exe

1 comment: