Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

SelfCert: Create a Self-Signed Certificate Interactively (GUI) or Programmatically in .NET

It's a bit of a pain to create self-signed certs using MAKECERT. Learn how to use a GUI-based tool that uses a combination of the .NET Framework and the CryptoAPI to create self-signed X.509 certificates.

Feb 13, 2012 • 3 Minute Read

  • Software Development

While this isn't new, I needed a new home for it since my old Pluralsight blog is gone now. Hopefully you'll find it helpful!

It's a bit of a pain to create self-signed certs using MAKECERT. So here's a GUI-based tool that uses a combination of the .NET Framework and the CryptoAPI to create self-signed X.509 certificates. And it's factored so that you can use the underlying library standalone - you can easily create certs programmatically now.

Here's the GUI:

The GUI has some nifty features: you can create a PFX file directly, or you can save directly to a cert store of your choice. When you save to a cert store, an extra dialog pops up showing you where the private key file resides, so that you can adjust the ACL accordingly. I've got a "view private key" feature that launches explorer with the /select argument, taking you to the private key file so that you can set the ACL on it. Anyway, this extra dialog gives you some quick info you typically want, like the thumbprint. And there are buttons for browsing the cert store and viewing the certificate as well from here.

The GUI gens the RSA key pair on a background thread, so a) the app doesn't lock up on you, and b) if you get tired of waiting for the key to gen, you can cancel easily enough :)

Here's some code that does this programmatically by calling the Pluralsight.Crypto library that is underneath all of this. Those of you who are familiar with the CryptoAPI will recognize the key abstraction here, CryptContext.

static void GenSelfSignedCert()

{

using (CryptContext ctx = new CryptContext())

{

ctx.Open();

X509Certificate2 cert = ctx.CreateSelfSignedCertificate(

new SelfSignedCertProperties

{

IsPrivateKeyExportable = true,

KeyBitLength = 4096,

Name = new X500DistinguishedName("cn=localhost"),

ValidFrom = DateTime.Today.AddDays(-1),

ValidTo = DateTime.Today.AddYears(1),

});

X509Certificate2UI.DisplayCertificate(cert);

}

}

Make sure you've got the Microsoft .NET Framework 3.5 installed. Self-Cert relies on it.

Download the project here, which includes binaries and sources. Feel free to use Pluralsight.Crypto in your own projects if you find it useful. Enjoy!

Ready to test your skills in .NET? See how they stack up with this assessment from Smarterer. Start this .NET test now

 

Keith Sparkjoy

Keith S.

Keith Sparkjoy was a Culture Coach at Pluralsight. As a cofounder, Keith was the Chief Technology Officer for many years, building and hosting the website and all things IT. These days there's a whole team of folks taking care of the tech, and Keith is focusing more on company culture, which is one of the most important aspects of a fast-growing business.

More about this author