Skip to content

Creating self-signed certificate for code-signing

imageJust in case you cannot google it or you don’t like solutions longer then two strings of command line…

Sometimes you need to assure yourself that scripts or code you are about to run are the same as you’ve created them. One of the ways to achieve it is to put a flash drive with them into a safe. Another – get them signed. The second option seems to be a more convenient mean, but it requires a code-signing certificate. Buying one is quite an expense: I have failed to find any cheaper then $99 per two years. Well, it is not actually a huge sum of money, but will you care to pay if the only target is to be sure that it is your code? Maybe yes, maybe no and in case the answer is “no”: you can create your own certificate for code-signing without paying money and this certificate will be no worse unless you try to prove someone else, that this is your code =,,)

Here I’ve found a couple of brilliant answers, but somehow they involve creation of two certificates: one for your very own CA and the second – code-signing itself. While it is a good choice to create such a structure, some (like me) will prefer just a two-line solution, here you are:

1) Download windows SDK (it is a part of all the solutions, because here we get our makecert utility), install it and go to its installation folder.

2) makecert.exe -cy end -pe -r -n “CN=You Fancy Certificate’s Name” -sky Signature –sv path_tokey.pvk path_tokey.cer

3) pvk2pfx.exe -pvk path_tokey.pvk -spc path_tokey.cer -pfx path_tokey.pfx

4) Import key.pfx into your private certificate store. Or onto your smartcard.

Use it anywhere you need it. Notice, that in bold+italic are the parts you may want to change in your case.

I hope it will work for you as it worked for me.

Descriptions for makecert and pvk2pfx are here and here.