I have a WEIRD certificate problem with makecert and it is driving me crazy. I created a root certificate with:
makecert -e 12/31/2222 -a sha1 -len 4096 -n "CN=RootCA" \
-r -sv RootCA.pvk RootCA.cer
Then I went on to create my client/server certificate (mutual authentication):
makecert -e 12/31/2222 -a sha1 -len 4096 -n "CN=ServerCert" \
-ss my -sky exchange -sk ServerCert -iv RootCA.pvk \
-ic RootCA.cer -sr localmachine ServerCert.cer
makecert -e 12/31/2222 -a sha1 -len 4096 -n "CN=ClientCert" \
-ss my -sky exchange -sk ClientCert -iv RootCA.pvk \
-ic RootCA.cer -sr localmachine ClientCert.cer
Later, when I went to use the MMC snap-in for certificates, I found out that I forgot to use the "-pe" option, because when I went to export, the "Export private key" option was disabled.
Easy enough, I would just delete the certificates from the store and rerun the commands with the "-pe" option. Well, guess what? That didn't work. Still the private key was not exportable. So I just got one of the commands and replaced "servercert" with "tempcert". Well, first of all, I noticed that on generation of "tempcert", it was extremely slow, like 20-30 seconds. Also, the tempcert private key was exportable. So, I tried to delete tempcert and regenerate it and see what would happen. It was EXTREMELY fast, only taking a matter of 1 second. This happens with every certificate I generate. It is like makecert is caching the certificate the 1st time you generate it. I tried to reboot, hoping it would clear out the cache. No luck. ServerCert on reboot was still not exportable. I tried to make a new Root CA and that didn't help either. I tried to google for any type of certificate cache that I could hopefully flush, without any luck. I don't know if this matters, but I'm running Windows 7 x64 RC. Does anyone know what is going on?
Thanks,
Ncage