X509 Certificate Installation

Here are the steps for installing an X509 certificate in Windows:

Installation Steps for DEV

Assumptions:

  • The Microsoft Windows SDK exists on the machine
  • The certificate name is SomeName

  1. Go to Start > All Programs > Microsoft Windows SDK > CMD Shell
  2. Execute the following command: makecert -r -pe -n "CN=SomeName" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr LocalMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
  3. Copy the executable findprivatekey.exe to an arbitrary folder
  4. Go to Start > Run and type cmd
  5. Browse to the folder where the findprivatekey.exe was copied
  6. Execute the following command: findprivatekey.exe My LocalMachine -n "CN=SomeName" -a
  7. Copy the output of that command in Notepad
  8. Remove all line breaks if you see any
  9. Replace {output from above} with the text from step 8 and execute the following command: cacls "{output from above}" /E /P NETWORKSERVICE:R Example: cacls "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e7f481ca4127144bc75102dabb32ad0_c18e0de9-0e80-4436-920c-4ab1cae7939a" /E /P NETWORKSERVICE:R
  10. You’re done!

Installation Steps for QA/Prod

Assumptions:

  • The Microsoft Windows SDK exists on the machine
  • The certificate name is SomeName and the certificate is present on the local machine, possibly under a different file name

  1. Go to Start > Run
  2. Type mmc
  3. Click on File > Add/Remove Snap-in…
  4. Click Add
  5. Click on Certificates
  6. Select Computer Account
  7. Click Finish
  8. Click Close to finish adding the Snap-in
  9. Click OK
  10. Under Console Root, expand Certificates (Local Computer)
  11. Expand Personal
  12. Click Certificates
  13. Right click and click on All Tasks > Import
  14. Click Next
  15. Click Browse, locate the exported certificate (use *.*) and then double click on it
  16. Click Next
  17. Type the password and then click Next
  18. Select Place all certificates in the following store
  19. If Personal isn’t showing in the box below, click Browse, select Personal and click OK
  20. Click Next
  21. Click Finish
  22. Click OK
  23. Copy the executable findprivatekey.exe to c:\
  24. Go to Start > Run and type cmd
  25. Go to the C:\ prompt
  26. Execute the following command: findprivatekey.exe My LocalMachine -n "CN=SomeName" -a
  27. Copy the output of that command in Notepad
  28. Remove all line breaks if you see any
  29. Replace {output from above} with the text from step 28 and execute the following command: cacls "{output from above}" /E /P NETWORKSERVICE:R Example: cacls "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9e7f481ca4127144bc75102dabb32ad0_c18e0de9-0e80-4436-920c-4ab1cae7939a" /E /P NETWORKSERVICE:R
  30. You’re done!
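
The key-file lookup and permission steps that end both procedures above (findprivatekey.exe followed by cacls) can also be done in one script. This is an added example, not part of the original post; it assumes Windows PowerShell 5.1, an elevated prompt and a CSP-backed RSA key such as the one makecert creates above, and the parameter names are hypothetical.

```powershell
# Added example: locate the machine key file for a certificate, grant
# NETWORK SERVICE read access, then list the resulting ACL for review.
# Assumptions: Windows PowerShell 5.1, elevated prompt, CSP-backed RSA key.
param(
    [string]$Subject  = 'CN=SomeName',      # certificate name used on this page
    [string]$Identity = 'NETWORK SERVICE'   # account the cacls step grants R to
)

# Same store the steps use: LocalMachine\My (Personal).
$found = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -eq $Subject })
if ($found.Count -ne 1) {
    throw "Expected exactly one certificate '$Subject', found $($found.Count)."
}
$cert = $found[0]
if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key in this store."
}

$key = $cert.PrivateKey
if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
    throw 'Private key is not CSP-backed; this script only handles CSP keys.'
}

# The unique container name is the file name under MachineKeys.
$fileName = $key.CspKeyContainerInfo.UniqueKeyContainerName
$appData  = [Environment]::GetFolderPath('CommonApplicationData')
$keyPath  = Join-Path $appData "Microsoft\Crypto\RSA\MachineKeys\$fileName"
if (-not (Test-Path -LiteralPath $keyPath)) {
    throw "Key file not found: $keyPath"
}

# Like 'cacls <file> /E /P NETWORKSERVICE:R': keep the existing ACL and
# replace that account's allow entry with Read only.
$acl  = Get-Acl -LiteralPath $keyPath
$rule = [System.Security.AccessControl.FileSystemAccessRule]::new(
    $Identity, 'Read', 'Allow')
$acl.SetAccessRule($rule)
Set-Acl -LiteralPath $keyPath -AclObject $acl

# Review which accounts can now read the private key file.
(Get-Acl -LiteralPath $keyPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

The final listing is worth reading each time: the private key file should be readable only by the accounts that need it.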

The findprivatekey.exe is available here (rename .gif to .exe)
