Creating a Digital Certificate for Testing Purposes [Office 2003 SDK Documentation]

If you don't have a valid certificate available for signing your XML expansion pack manifest file during testing, you can create a test certificate to use with the XMLSign tool.  You can use one of the following to create a test certificate for testing purposes:

  • The SelfCert tool included with Microsoft Office.
  • The MakeCert tool included with Microsoft Visual Studio .NET.

Using the Office SelfCert tool

To create a digital certificate for testing purposes using the Office SelfCert tool

  1. Open Windows Explorer.

  2. Navigate to the Selfcert.exe file located in the Office program folder. The default location is C:\Program Files\Microsoft Office\OFFICE11.

  3. Double-click the Selfcert.exe file to run it. The Create Digital Certificate dialog box appears.

  4. Enter your name or your company's name in the Your certificate's name box, and then click OK.

    You receive a message that you have successfully created a new certificate.

Using the Visual Studio .NET MakeCert tool

To create a digital certificate for testing purposes using the Visual Studio .NET MakeCert tool

  1. Click Start, and then click Run. In the Open box, type cmd and then click OK.

  2. At the command prompt, type the following string, and then press ENTER:

    makecert -sk Northwind -r -n "CN=Northwind Traders, OU=Certification, O=Northwind Traders, E=info@northwindtraders.com" -ss local NWind.cer

    The command window tells you whether you successfully created a digital signature. This creates a test certificate named NWind.cer located at the C:\Documents and Settings\Your User Name\ path.

    Note  If you cannot create a digital signature by using the previous string, make sure that the folder where the MakeCert.exe file is stored is in the DOS path for your computer. You can do this by typing path at the command prompt and pressing ENTER.

Understanding the MakeCert string

The following list of command-line parameters can help you to understand the previous string so that you can modify it for your own needs. Create a self-signed certificate by using the default test root. Also, create a key container (named Northwind) and output the certificate to both a store (named local) and a file (named NWind.cer).

String Parameter Description
-sk Northwind -sk subjectKey This is the name of the subject's key container that holds the private key. If a key container does not exist, one is created. If the -sk option is not used, a key container named JoeSoft is created by default. The subject key container name for the above string is Northwind.
-r -r Creates a self-signed certificate.
-n "CN=Northwind Traders, OU=Certification, O=Northwind Traders, E=info@northwindtraders.com" -n name Name for the publisher's certificate. This name must conform to the X.500 standard. The simplest method is to use "CN=CompanyName" format. For example: -n "CN=Northwind Traders".
StringX.500 Description
CN=Northwind TradersCN=Name of the company. Example: Northwind Traders.
OU=CertificationOU=Organizational Unit. Name of the organizational unit or department inside the company. Example: Certification.
O=Northwind TradersO=Organization.
E=info@northwindtraders.comE=Contact e-mail address for information about the digital signature.
String X.500 Description
CN=Northwind Traders CN= Name of the company. Example: Northwind Traders.
OU=Certification OU= Organizational Unit. Name of the organizational unit or department inside the company. Example: Certification.
O=Northwind Traders O= Organization.
E=info@northwindtraders.com E= Contact e-mail address for information about the digital signature.
-ss local -ss subjectCertStoreName Name of the subject's certificate store where the generated certificate will be stored.
NWind.cer saveCertificate.cer The file name of the newly created digital certificate file.

For a comprehensive list of command-line parameters for Authenticode digital certificates, see Signing and Checking Code with Authenticode.