I am trying to generate a self signing certificate but am unable to accomplish it. I am using this command to create a self signing certificate authority:
makecert -n "CN=PowerShell Local Certificate Root" -a sha1 -eku 1.3.6.1.5.5.7.3.3 -r -sv root.pvk root.cer -ss Root -sr localMachine
Which by all accounts works, and I can view the new entry under the Trusted Root Certification Authorities.
Next I use the following command to create a signing certificate:
makecert -pe -n "CN=PowerShell User" -ss MY -a sha1 -eku 1.3.6.1.5.5.7.3.3 -iv root.pvk -ic root1.cer
But the command fails with:
Error: Can't load the issuer certificate ('root1.cer')
Failed
I was of the impression that the -ic switch would create the root1.cer file, but the error seems to indicate that it can't load it? Where am I going wrong with this?
When attempting to create a self-signed certificate, it does not require another certificate to generate it, because, as the name states, it is self-signed (it is signed by the private key that belongs to the public key it contains).
When creating a common certificate you should provide a parent to make use of it. When verifying authenticity of this child certificate you should also have the parent certificate installed on your machine. This is the concept of Chain Trust.
See in your 'Local Machine' store, under trusted root certificates, you should have .cer from many Authority Agencies, such as Verisign for instance.
-iv stands for Issuer's Private Key (parent .pvk).
-ic stands for Issuer's Certificate (parent .cer).
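The issuer relationship described in the answer, as an added example that is not part of the original question or answer: the root step writes the .pvk and .cer files, and the child step only reads them through -iv and -ic, so both switches must name files that already exist. The variable names, the existence checks and the chain check are assumptions of this sketch; it assumes makecert.exe is on PATH and the session is elevated.

```powershell
# Added example. The makecert arguments are the ones from the question, with
# the child step pointing at the file the root step actually wrote.
$rootKey  = 'root.pvk'   # created by -sv in step 1
$rootCert = 'root.cer'   # created as the output file in step 1

# Step 1: self-signed root (-r). This is the only step that creates files.
if (-not ((Test-Path $rootKey) -and (Test-Path $rootCert))) {
    & makecert -n 'CN=PowerShell Local Certificate Root' -a sha1 `
        -eku 1.3.6.1.5.5.7.3.3 -r -sv $rootKey $rootCert `
        -ss Root -sr localMachine
}

# -iv and -ic are inputs. Fail early with a clear message instead of
# "Can't load the issuer certificate" when either file is missing.
foreach ($file in $rootKey, $rootCert) {
    if (-not (Test-Path $file)) {
        throw "Issuer file '$file' not found; makecert reads it, it does not create it."
    }
}

# Step 2: child code-signing certificate, signed with the root's private key
# (-iv) and chained to the root's certificate (-ic). Stored in CurrentUser\My.
& makecert -pe -n 'CN=PowerShell User' -ss MY -a sha1 `
    -eku 1.3.6.1.5.5.7.3.3 -iv $rootKey -ic $rootCert

# Step 3: confirm the child landed in the store and chains to the root.
$child = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object Subject -eq 'CN=PowerShell User' |
    Select-Object -First 1
if (-not $child) { throw 'Child certificate was not created.' }

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # local test CA has no CRL
$trusted = $chain.Build($child)

# List the chain from leaf to root, then report the trust result.
$chain.ChainElements | ForEach-Object { $_.Certificate.Subject }
if ($trusted) {
    'Chain builds to a trusted root.'
} else {
    $chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }
}
```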