MQSeries.net :: View topic - makecert batch file

MQSeries.net

Tech Exchange

Education

Certifications

Library

Info Center

SupportPacs

FAQÂ Â

Usergroups

RSS Feed - WebSphere MQ Support

RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » makecert batch file

makecert batch file

« View previous topic :: View next topic »

Author

Message

rajmq

Posted: Fri Mar 28, 2003 11:23 pm Post subject: makecert batch file

Partisan

Joined: 29 Sep 2002
Posts: 331
Location: USA

Hi

I am running makecert program for setting CA, but system is giving there is no batch file like.
Even i checked directory drive:\ Program Files\MicroSoft Office\Office

and other commands like openssl i am not able use..

can anyone helpme out

regards
raj

rajmq

Posted: Sat Mar 29, 2003 6:14 am Post subject:

Partisan

Joined: 29 Sep 2002
Posts: 331
Location: USA

hi

Finally i found that command but After running this command

i am not able to see any CA setup..

D:\Program Files\Microsoft Office\Office>makecert -pe -n CN=WebSphereCA -ss MY -sr CurrentUser -a sha1 -sky signature -r WebSphereCA.cer

Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Basic Options
-sk <keyName> Subject's key container name; To be created if not present
-ss <store> Subject's certificate store name that stores the output
certificate
-sr <location> Subject's certificate store location.
<CurrentUser|LocalMachine>. Default to 'CurrentUser'
-# <number> Serial Number from 1 to 2^31-1. Default to be unique
-$ <authority> The signing authority of the certificate
<individual|commercial>
-n <X509name> Certificate subject X500 name (eg: CN=Fred Dews)
-? Return a list of basic options
-! Return a list of extended options

what is the wrong in the above command

regards
raj

techno

Posted: Thu May 20, 2004 10:21 am Post subject:

Chevalier

Joined: 22 Jan 2003
Posts: 429

How do I find the version of it? I heard there are some bugs with soem versions of it.

I am getting this error:

D:\>D:\Progra~1\Micros~2\Office\MAKECERT.EXE -sk MQKey1 -$ individual -sky 1 -eku "1.3.6.1.5.5.7.3.3" -n "name=techno" MQKEY.P12

Error: CryptCertStrToNameW failed => 0x80092023 (-2146885597)
Failed

D:\>D:\Progra~1\Micros~2\Office\MAKECERT.EXE
Error: Please either specify the outputCertificateFile or -ss option
Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Basic Options
-sk <keyName> Subject's key container name; To be created if not present
-ss <store> Subject's certificate store name that stores the output
certificate
-sr <location> Subject's certificate store location.
<CurrentUser|LocalMachine>. Default to 'CurrentUser'
-# <number> Serial Number from 1 to 2^31-1. Default to be unique
-$ <authority> The signing authority of the certificate
<individual|commercial>
-n <X509name> Certificate subject X500 name (eg: CN=Fred Dews)
-? Return a list of basic options
-! Return a list of extended options

D:\>D:\Progra~1\Micros~2\Office\MAKECERT.EXE -!
Usage: MakeCert [ basic|extended options] [outputCertificateFile]
Extended Options
-sc <file> Subject's certificate file
-sv <pvkFile> Subject's PVK file; To be created if not present
-ic <file> Issuer's certificate file
-ik <keyName> Issuer's key container name
-iv <pvkFile> Issuer's PVK file
-is <store> Issuer's certificate store name.
-ir <location> Issuer's certificate store location
<CurrentUser|LocalMachine>. Default to 'CurrentUser'
-in <name> Issuer's certificate common name.(eg: Fred Dews)
-a <algorithm> The signature algorithm
<md5|sha1>. Default to 'md5'
-ip <provider> Issuer's CryptoAPI provider's name
-iy <type> Issuer's CryptoAPI provider's type
-sp <provider> Subject's CryptoAPI provider's name
-sy <type> Subject's CryptoAPI provider's type
-iky <keytype> Issuer key type
<signature|exchange|<integer>>.
-sky <keytype> Subject key type
<signature|exchange|<integer>>.
-d <name> Display name for the subject
-l <link> Link to the policy information (such as a URL)
-cy <certType> Certificate types
<end|authority|both>
-b <mm/dd/yyyy> Start of the validity period; default to now.
-m <number> The number of months for the cert validity period
-e <mm/dd/yyyy> End of validity period; defaults to 2039
-h <number> Max height of the tree below this cert
-r Create a self signed certificate
-nscp Include netscape client auth extension
-eku <oid[<,oid>]> Comma separated enhanced key usage OIDs
-? Return a list of basic options
-! Return a list of extended options

JasonE

Posted: Fri May 21, 2004 4:36 am Post subject:

Grand Master

Joined: 03 Nov 2003
Posts: 1220
Location: Hursley

Do a properties of makecert.exe from explorer - 5.131.3617.0 is a good version. Possibly available here:
http://download.microsoft.com/download/platformsdk/Update/5.131.3617.0/NT45XP/EN-US/makecert.exe

Instructions with no implied support

Building a CA:

Quote:

makecert -n CN=GSKITPBM -ss MY -sr CurrentUser -b 08/07/2003 -e 08/07/2005 -a sha1 -sky signature -r -pe MYCA.cer

Getting a Personal cert@

Quote:

makecert -pe -n CN=NEWERPERSONAL -ss MY -sr CurrentUser -b 08/07/2003 -e 08/07/2005 -a sha1 -sky exchange -eku .3.6.1.5.5.7.3.1 -in GSKITPBM -is MY -ir CurrentUser -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 HDQ_MQSRSQ_001.cer
echo Certificate in IE store!
del HDQ_MQSRSQ_001.cer

Note - The personal key is put in the personal store in IE so you need to export it or use the Manage SSL Certificates to move it into the qmgr store

Note2 - This may well not work on NT4, I cant confirm or deny.

Display posts from previous:

Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » makecert batch file

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Protected by Anti-Spam ACP