Create a self-signed, token-signing certificate
Updated: September 13, 2007
Applies To: Windows Server 2003 R2
You can use the following procedure to create a self-signed, code-signing certificate that also creates and installs a private key. To perform this procedure, use the Makecert.exe utility. Makecert.exe is available in the Microsoft .NET Framework 2.0 Software Development Kit (SDK) (x86) (http://go.microsoft.com/fwlink/?LinkId=79548).
To complete this procedure, you must be a member of the Administrators group on the local computer.
To create a self-signed, token-signing certificate
Open a command prompt.
Type the appropriate makecert syntax.
makecert -r -pe -n "CN=CertForADFS" -b 01/01/2006 -e 01/01/2007 -eku 22.214.171.124.126.96.36.199.3 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "CertForADFS.cer"
- Example command:
|Track certificate expiration dates to make sure that certificates are replaced before they expire. You can do this using the Active Directory Federation Services snap-in for certificates of the current organization and also for partners that you configure in the trust policy.|