I'm trying to create a website which uses SSL with a self-signed certificate.
Here's what I do:
Create authority certificate:
makecert -n "CN=root signing authority" -r -sv root.pvk root.cer
Create target certificate
makecert -r -pe -n "CN=localhost" -b 01/01/2012 -e 01/01/2020 -sky exchange localhost.cer -sv localhost.pvk
Sign the created certificate
makecert -ic root.cer -iv root.pvk -n "CN=localhost" -sv localhost.pvk -pe -sky exchange localhost.cer
Create a certificate with private key inside
pvk2pfx.exe -pvk localhost.pvk -spc localhost.cer -pfx localhost.pfx
Now, I want to use firefox for debugging website. To do that, I need to import the authority root certificate (root.cer) into the trusted certificate list.
However, when I'm trying to do this, I'm getting following error message:
This is not a certificate authority certificate, so it can't be imported into the certificate authority list.
I've done something similar with fiddler's authority certificate, and it went fine, which means that there's a problem with my process of creating authority certificate.
How do I properly create certificate authority certificates?
Maybe you could try adding the -cy authority parameter on the root certificate creation, like that:
makecert -n "CN=root signing authority" -cy authority -r -sv root.pvk root.cer
Thus you declare you are creating an authority certificate and that should do the job.. or at least take you on track =)
I tried myself to create a root certificate using this commandline and to import it into Firefox: I can confirm that if you don't add the "-cy" parameter, Firefox will not consider that a valid root certificate.
Hope that helps!