Argument Description

outputCertificateFile The name of the .cer file where the test X.509 certificate will be written.

Basic Options

Option Description
-nx509name Specifies the subject's certificate name. This name must conform to the X.500
standard. The simplest method is to specify the name in double quotes, preceded
by CN=; for example, "CN=myName".
-skkeyname Specifies the subject's key container location, which contains the private key. If a key
container does not exist, it will be created.
-srlocation Specifies the subject's certificate store location. Location can be
either currentuser(the default), or localmachine.
-ssstore Specifies the subject's certificate store name that stores the output certificate.
-#number Specifies a serial Number from 1 to 2^31-1. The default is a unique value generated
by Makecert.exe.
-$authority Specifies the signing authority of the certificate, which must be set to
either commercial (for certificates used by commercial software publishers)
or individual(forcertificates used by individual software publishers).
-? Displays command syntax and a list of basic options for the tool.
-! Displays command syntax and a list of extended options for the tool.

Extended Options

Option Description
-aalgorithm Specifies the signature algorithm. Must be either md5 (the default) or sha1.
-bmm/dd/yyyy Specifies the start of the validity period. Defaults to the certificate's creation date.
-cycertType Specifies the certificate type. Valid values are endfor end-entity, authorityfor
certification authority, or both.
-dname Displays the subject's name.
-emm/dd/yyyy Specifies the end of the validity period. Defaults to 12/31/2039 11:59:59 GMT.
-ekuoid[,oid] Inserts a list of comma-separated, enhanced key usage object identifiers (OIDs) into
the certificate.
-hnumber Specifies the maximum height of the tree below this certificate.
-icfile Specifies the issuer's certificate file.
-ikkeyName Specifies the issuer's key container name.
-ikykeytype Specifies the issuer's key type, which must be signature, exchange, or an integer
(such as4).
-in name Specifies the issuer's certificate common name.
-ipprovider Specifies the issuer's CryptoAPI provider name.
-irlocation Specifies the location of the issuer's certificate store. Location can be
either currentuser(the default) or localmachine.
-isstore Specifies the issuer's certificate store name.
-ivpvkFile Specifies the issuer's .pvk private key file.
-iypvkFile Specifies the issuer's CryptoAPI provider type.
-llink Links to policy information (for example, a URL).
-mnumber Specifies the duration, in months, of the certificate validity period.
-nscp Includes the Netscape client-authorization extension.
-r Creates a self-signed certificate.
-scfile Specifies the subject's certificate file.
-skykeytype Specifies the subject's key type, which must be signature, exchange, or an integer
(such as4).
-spprovider Specifies the subject's CryptoAPI provider name.
-svpvkFile Specifies the subject's .pvk private key file. The file is created if none exists.
-sytype Specifies the subject's CryptoAPI provider type.