Is it possible to use makecert to create self-signed certificates with a specific key usage property?
I need to generate a self-signed certificate for testing. It must have the "Digital Signature" and "Non-repudiation" values on the "Key Usage" property such as described in RFC 3280 section 4.2.1.3.
I have tried some variations with the "-sky" option, such as "3" (bit 0 and bit 1 set) and "1,2". The first is not accepted and the second creates a certificate but it doesn't seem to have the "KeyUsage" property set.
Please notice that this doesn't refer to "-eku" (extended key usage).
This is the script I'm using:
makecert -r -pe -n "CN=cte-dev-CA" -ss CA -sr CurrentUser -a sha1 -sky signature -sv cte-dev-CA.pvk cte-dev-CA.cer
certutil -user -addstore Root cte-dev-CA.cer
makecert -pe -n "CN=cte-dev-SPC" -eku 1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4 -a sha1 -sky signature -ic cte-dev-CA.cer -iv cte-dev-CA.pvk -sv cte-dev-SPC.pvk cte-dev-SPC.cer
pvk2pfx -pvk cte-dev-SPC.pvk -spc cte-dev-SPC.cer -pfx cte-dev-SPC.pfx -po my-password
There is no argument for makecert that affects the "Key Usage" field of the created certificate. At least, I have also been unable to find one.