Over a million developers have joined DZone.

Creating a Self Signed Certificate in Windows


This is a short guide on how to create a self signed certificate in Windows and store it in files. There are many similar guides available out there, but most of them also imports the freshly created certificate into the certificate store. Sometimes I prefer to be able to create a certificate without polluting my certificate store.

In a developer command prompt (or a normal prompt where you have makecert and pvk2pfx in the path) run these commands:

makecert -r -n "CN=www.example.com" -sv cert.pvk cert.cer
pvk2pfx -pvk cert.pvk -spc cert.cer -pfx cert.pfx

Continue reading for explanation of the commands and switches.


makecert creates the certificate. When run, it will show a prompt where it is possible to enter a password for the private key of the cert.

Switch Explanation
-r Create a self signed certificate.
-n Set the subject of the certificate (should be prefixed with CN=).
-sv File to save the generated private key to. Should end in .pvk.
Finally give the file name of the certificate file. Should end in .cer.

Two files will be created by makecert. The .cer file contains the public information about the certificate and the .pvk file contains the private key. For ease of use, these two can be combined into a pfx file with thepvk2pfx command.


pvk2pfx combines the private key and the public information about the certificate into a .pfx file.

Switch Explanation
-pvk pvk file with the private key to load.
-spc Spc file with the public information about the cert – the .cer file from the previous step.
-pfx Pfx file to create/overwrite.

The pfx file can be loaded into the certificate store (double click on it in the windows explorer) or used directly from the code with the X509Certificate2(string fileName) constructor.


Please be aware that the .pvk and .pfx files contains the private key for the certificate. Anyone with access to those files can spoof the identity of the certificate, so handle them appropriately.

To show the information about the certificate to someone else, the .cer file contains everything needed without revealing the private key.


Published at DZone with permission of Anders Abel, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}