Create a self-signed, token-signing certificate
Applies To: Windows Server 2003 R2
Use the following procedure to create a self-signed, code-signing certificate; the procedure also creates and installs a private key. To perform this procedure, use the Makecert.exe utility, which is available in the Microsoft .NET Framework 2.0 Software Development Kit (SDK) (x86) (https://go.microsoft.com/fwlink/?LinkId=79548).
Administrative credentials
To complete this procedure, you must be a member of the Administrators group on the local computer.
To create a self-signed, token-signing certificate
1. Open a command prompt.
2. Type the appropriate makecert syntax.
   - Example command:
     makecert -r -pe -n "CN=CertForADFS" -b 01/01/2006 -e 01/01/2007 -eku 1.3.6.1.5.5.7.3.3 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 "CertForADFS.cer"
Note
Track certificate expiration dates to make sure that certificates are replaced before they expire. You can do this using the Active Directory Federation Services snap-in for certificates of the current organization and also for partners that you configure in the trust policy.
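A scripted check can complement the snap-in for the certificate created above. The following is an added example, not code from the original page or from Microsoft. It assumes Windows PowerShell 2.0 or later is installed on the server, and the 30-day warning threshold is an assumed value. It reads the local machine's personal store (the `-ss my -sr localMachine` target of the example command) and reports the expiration status, private key presence and EKU of each certificate with the example's subject.

```powershell
# Added example, not Microsoft's code. Assumes Windows PowerShell 2.0 or later.
param(
    [string]$Subject  = 'CN=CertForADFS',  # subject from the makecert example
    [int]   $WarnDays = 30                 # assumed warning threshold
)

$ekuWanted = '1.3.6.1.5.5.7.3.3'           # OID passed to makecert with -eku
$ekuType   = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now       = Get-Date

# -ss my -sr localMachine in the makecert command maps to Cert:\LocalMachine\My
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $Subject })
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with subject '$Subject' in LocalMachine\My"
    return
}

foreach ($cert in $certs) {
    # Gather the EKU OIDs carried in the certificate's extensions
    $ekus = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is $ekuType) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekus += $oid.Value }
        }
    }

    # Classify against the validity window set by -b and -e
    $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
    if     ($now -lt $cert.NotBefore) { $status = 'NOT YET VALID' }
    elseif ($now -gt $cert.NotAfter)  { $status = 'EXPIRED' }
    elseif ($daysLeft -le $WarnDays)  { $status = 'EXPIRING SOON' }
    else                              { $status = 'OK' }

    New-Object PSObject -Property @{
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        DaysLeft       = $daysLeft
        Status         = $status
        HasPrivateKey  = $cert.HasPrivateKey          # created and installed by makecert
        HasExpectedEku = ($ekus -contains $ekuWanted)
    } | Select-Object Thumbprint, NotAfter, DaysLeft, Status, HasPrivateKey, HasExpectedEku
}
```

With the validity dates in the example command (01/01/2006 to 01/01/2007), the certificate is valid for one year, so a scheduled run of a check like this gives advance notice before rollover is due.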
See Also
Concepts
Rolling Over a Token-signing Certificate
Rolling Over a Client Authentication Certificate