I used the makecert tool to create:
These are the commands I used:
makecert -n "CN=MatthewCA" -r -sv MatthewCA.pvk MatthewCA.cer **for self signed certificate**
makecert -sk localhost -iv MatthewCA.pvk -n "CN=localhost" -ic MatthewCA.cer localhost.cer -sr localmachine -ss my -sky exchange -pe -b 01/01/2013 -e 01/01/2020 **for client certificate**
The two commands generated the following files:
I then installed MatthewCA.cer in the Trusted Root Authorities section in mmc.
The localhost.cer was installed in the Personal section in mmc.
When I view the certificate of localhost.cer from mmc, it says You have a private key that corresponds to this certificate.
Does this mean that the certificate contains the private key? If I send the localhost.cer to someone else, can they extract the private key? If yes, how can I seperate the private key from the certificate?
When you export the certificate from the store, you'll have a choice over whether to export the private key (the default is "no").
Windows maintains a link between the private key you own and the certificate, but the private key is not embedded in the certificate.