We have a shrink-wrap type Windows server application where we need to create a self-signed certificate on the server to be used by some WCF web services. From our searches on the web, it appears that the makecert utility in the Platform SDK from Microsoft cannot be distributed with our application, so we're looking for alternatives.

Does anyone know how to use OpenSSL to create a certificate and get it into the Windows LocalMachine certificate store? Or, alternatively, is it straightforward to insert the certificate into the store in a .NET application, and should we just create the certificate file with OpenSSL? Any help/suggestions would be appreciated.
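The OpenSSL-plus-.NET route asked about above, as an added example that is not part of the original question or its answers: the comments show the two OpenSSL commands that produce a PFX, and the C# imports it into LocalMachine\My. The file names (server.key, server.crt, server.pfx), the subject name and the class name are assumptions made for illustration.

```csharp
// Create the certificate and bundle it as a PFX (run once, outside this program):
//   openssl req -x509 -newkey rsa:2048 -sha256 -days 365 -nodes \
//       -keyout server.key -out server.crt -subj "/CN=myserver.example"
//   openssl pkcs12 -export -inkey server.key -in server.crt -out server.pfx
// -nodes leaves server.key unencrypted on disk; delete it and server.pfx after import.
using System;
using System.Security.Cryptography.X509Certificates;

static class InstallServerCert   // hypothetical helper name
{
    // Usage (elevated prompt): InstallServerCert.exe server.pfx <pfx-password>
    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: InstallServerCert <pfx-path> <pfx-password>");
            return 2;
        }

        // MachineKeySet: keep the private key in the machine key store rather than
        //   the installing user's profile, so a service account can be granted access.
        // PersistKeySet: keep the key on disk after this process exits.
        // Exportable is deliberately omitted so the key cannot be exported later.
        X509KeyStorageFlags flags =
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.PersistKeySet;
        X509Certificate2 cert = new X509Certificate2(args[0], args[1], flags);

        if (!cert.HasPrivateKey)
        {
            Console.Error.WriteLine("PFX contains no private key; not usable as a service certificate.");
            return 1;
        }

        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadWrite);   // throws CryptographicException when not elevated
            store.Add(cert);
        }
        finally
        {
            store.Close();
        }

        // The thumbprint is what the WCF serviceCertificate configuration can reference.
        Console.WriteLine("Installed {0}, thumbprint {1}", cert.Subject, cert.Thumbprint);
        return 0;
    }
}
```

The account the WCF service runs under still needs read access to the imported private key.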

+1  A: 

Woohoo! It's time for pinvoke for you.

crypt32 provides a CertCreateSelfSignCertificate function; if that succeeds you can store it in the user's personal store (or the machine store, assuming you're working elevated).

blowdart
+2  A: 

I haven't used OpenSSL, but I'm in the same boat and have found this article helpful:

Securing WCF Services with Certificates

The author walks you through installing Microsoft Certificate Services, creating a CA that can be added to the trusted certificate authorities (on both client and server, since it's self signed), then generating client and server certificates that chain from the self-signed CA cert.

You won't need the client certs, but it does help you to create a self-signed CA and server cert.

Mike L
+3  A: 

[Unfortunately, I can't comment on anything yet, so I'll post this as an answer.]

I see that this post is a bit old, but I'm in a similar boat and I found this in the Visual Studio 2008 redist.txt file:

Windows SDK Files

Subject to the license terms for the software, the following files may be distributed unmodified:

MageUI.exe
Mage.exe
Makecert.exe

Not sure if something has changed (and if my interpretation is correct), but it looks like makecert.exe, included as part of the Windows SDK, which is in turn included as part of the VS2008 install, can actually be redistributed.

Naveen
That's my understanding as well.
EricLaw -MSFT-