Export (0) Print
Expand All

Create a self-signed, token-signing certificate

Updated: September 13, 2007

Applies To: Windows Server 2003 R2

You can use the following procedure to create a self-signed, code-signing certificate that also creates and installs a private key. To perform this procedure, use the Makecert.exe utility. Makecert.exe is available in the Microsoft .NET Framework 2.0 Software Development Kit (SDK) (x86) (http://go.microsoft.com/fwlink/?LinkId=79548).

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To create a self-signed, token-signing certificate

  1. Open a command prompt.

  2. Type the appropriate makecert syntax.

    • Example command:

    makecert -r -pe -n "CN=CertForADFS" -b 01/01/2006 -e 01/01/2007 -eku 1.3.6.1.5.5.7.3.3 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "CertForADFS.cer"

noteNote
Track certificate expiration dates to make sure that certificates are replaced before they expire. You can do this using the Active Directory Federation Services snap-in for certificates of the current organization and also for partners that you configure in the trust policy.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft