If you want to create a new certificate for some Web site for server authentication,
you can use the "makecert.exe -is -in -eku" options
as shown in this tutorial.
"\Program Files\Microsoft Visual Studio 8\sdk\v2.0\bin\makecert.exe"
-n "CN=www.yourdomain.com" -is TestStore -in "FYIcenter Root CA"
-ss TestStore -e "07/01/2022" -eku 18.104.22.168.22.214.171.124.1 -pe
What the above command was doing:
- '-n "CNfirstname.lastname@example.org"' specifies the name of the owner of the new certificate.
- '-is TestStore' specifies the issuer store where the issuer's private key and certificate is located.
- '-in "FYIcenter Root CA"' specifies the issuer name which is the CN of the issuer certificate.
This tells the command to sign the new certificate with this issuer's private key, instead of the
default "Root Agency".
- '-ss TestStore' specifies the subject store where new certificate will be saved.
- '-e "07/01/2022"' specifies the expiration date of the new certificate.
- '-eku 126.96.36.199.188.8.131.52.1' specifies the new certificate is for "Server Authentication" purpose only.
- '-pe' tells the command to make the new private key exportable.
You can verify the result in the certificate store using "certmgr.msc" tool: