
Create a self-signed, token-signing certificate

Updated: September 13, 2007

Applies To: Windows Server 2003 R2

You can use the following procedure to create a self-signed, code-signing certificate and, in the same step, create and install its private key. To perform this procedure, use the Makecert.exe utility. Makecert.exe is available in the Microsoft .NET Framework 2.0 Software Development Kit (SDK) (x86) (

Administrative credentials

To complete this procedure, you must be a member of the Administrators group on the local computer.

To create a self-signed, token-signing certificate

  1. Open a command prompt.

  2. Type the appropriate makecert syntax.

    • Example command:

    makecert -r -pe -n "CN=CertForADFS" -b 01/01/2006 -e 01/01/2007 -eku -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "CertForADFS.cer"

Track certificate expiration dates to make sure that certificates are replaced before they expire. You can do this using the Active Directory Federation Services snap-in for certificates of the current organization and also for partners that you configure in the trust policy.
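As a scripted complement to the snap-in, the following added example (not part of the original page) reports certificates in the LocalMachine\My store, the store targeted by `-ss my -sr localMachine`, that are expired or close to expiry. It assumes Windows PowerShell is installed on the server; the 60-day warning window and the exit codes are illustrative choices.

```powershell
# Added example: check expiry of the token-signing certificate created above.
# Assumptions: Windows PowerShell is available; $WarnDays and exit codes are
# illustrative and should follow your own replacement policy.
param(
    [string]$Subject  = 'CN=CertForADFS',  # subject from the example command
    [int]   $WarnDays = 60                 # assumed warning window
)

$now   = Get-Date
$certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject })

if ($certs.Count -eq 0) {
    Write-Warning "No certificate with subject '$Subject' in LocalMachine\My."
    exit 2
}

$report = foreach ($cert in $certs) {
    # Whole days until NotAfter; negative once the certificate has expired.
    $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)

    if     ($now -lt $cert.NotBefore) { $status = 'NotYetValid' }
    elseif ($daysLeft -lt 0)          { $status = 'Expired' }
    elseif ($daysLeft -le $WarnDays)  { $status = 'ExpiringSoon' }
    else                              { $status = 'OK' }

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        HasPrivateKey = $cert.HasPrivateKey   # token signing needs the key
        NotAfter      = $cert.NotAfter
        DaysLeft      = $daysLeft
        Status        = $status
    }
}

$report |
    Select-Object Subject, Thumbprint, SelfSigned, HasPrivateKey, NotAfter, DaysLeft, Status |
    Format-Table -AutoSize

# Non-zero exit lets a scheduled task or monitor raise an alert.
$bad = @($report | Where-Object { $_.Status -ne 'OK' -or -not $_.HasPrivateKey })
if ($bad.Count -gt 0) { exit 1 } else { exit 0 }
```

Because the example command fixes the validity period with `-b` and `-e`, a certificate created with those dates reports as `Expired` after 01/01/2007.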
