add or create 'Subject Alternative Name' field to self-signed certificate using makecert

certificate x509certificate self-signed makecert
wal picture wal · Jun 17, 2011 · Viewed 40.8k times · Source

How can I create a certificate using makecert with a 'Subject Alternative Name' field ?

enter image description here

You can add some fields eg, 'Enhanced Key Usage' with the -eku option and I've tried the -san option but makecert doesn't like it.

This is a self-signed certificate so any method that uses IIS to create something to send off to a CA won't be appropriate.

Answer

DanO picture DanO · Apr 28, 2017

An even easier way is to use the New-SelfSignedCertificate PowerShell commandlet, which includes a SAN by default. In a single command you can create the certificate and add it to the store.

New-SelfSignedCertificate -DnsName localhost -CertStoreLocation cert:\LocalMachine\My

Note that you need to run PowerShell as an administrator.

Related questions

How to create a self-signed certificate with OpenSSL

I'm adding HTTPS support to an embedded Linux device. I have tried to generate a self-signed certificate with these steps: openssl req -new > cert.csr openssl rsa -in privkey.pem -out key.pem openssl x509 -in cert.csr -out …

Read More
Export P7b file with all the certificate chain into CER file

I have p7b file provided by Thwate.When I am trying to export the certificate in the cer file using the below command, the certificate chain is not included. Please suggest how to do the same. This CER is …

Read More
How does an SSL certificate chain bundle work?

I've created a chain hierarchy like this. root-ca ==> signing-ca ==> subordinate-ca ==> server It is mentioned to create chain bundle, the lowest should go first. $ cat server.crt subordinate-ca.crt signing-ca.crt > server.pem But verification fails. $ openssl …

Read More