How to create a self-signed certificate

June 17, 2016

1 – Creating the certificate

First, make sure you have “Microsoft Windows SDK for Windows and .NET Framework 4” kit installed first. https://www.microsoft.com/en-us/download/details.aspx?id=8279

I created a bat file to automate the process of creating a self-signed certificate.
Make sure to run “MakeCert.bat” with “run as Administrator”. This will create a certificate file and register it as valid.
You must edit the values in bold & underlined with your own.

“1-MakeCert.bat”


@ECHO OFF

echo Remember to "Run as administrator".
pause

REM Path to the windows certification tools
cd "C:\Program Files (x86)\Windows Kits\10\bin\x86\"

makecert.exe "%~dp0MyCertificateFile.cer" -r -n "CN= CompanyName,L= City,S= Province,C= Country" -$ individual -sv "%~dp0MyPrivateKeyFile.pkv" -pe -sr "LocalMachine" -ss "TheRootOfTheCertificate" -a md5 -eku 1.3.6.1.5.5.7.3.3

cert2spc.exe "%~dp0MyCertificateFile.cer" "%~dp0MyCertificateFile.spc"

pvk2pfx.exe -pvk "%~dp0myPrivateKeyFile.pkv" -pi YourPassword -spc "%~dp0MyCertificateFile.spc" -pfx "%~dp0MyPFXFile.pfx" -f

pause

2 – Signing your binary

I also created a bat file to automate the process of signing your binary. All that is left to automatically sign your binary file, is to drop your binary on “2-SignBinary.bat”.
You must edit the values in bold & underlined with your own.

“2-SignBinary.bat”


@ECHO OFF

REM Path to the windows certification tools
cd "C:\Program Files (x86)\Windows Kits\10\bin\x86\"

signtool.exe sign /f "%~dp0MyPFXFile.pfx" /p YourPassword /v /t http://timestamp.verisign.com/scripts/timstamp.dll %1

pause

Tips

  • Make sure to run “MakeCert.bat” with “run as Administrator”.
  • Remember to re-sign your application each time you recompile it.
    You can use the post-build event of Delphi to automate this process. If you use <= Delphi 7 there is this extension (free) or Eurekalog (150$) which allows you post-build events.

Thank you for reading. 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: