How to create a self-signed certificate
June 17, 20161 – Creating the certificate
First, make sure you have “Microsoft Windows SDK for Windows and .NET Framework 4” kit installed first. https://www.microsoft.com/en-us/download/details.aspx?id=8279
I created a bat file to automate the process of creating a self-signed certificate.
Make sure to run “MakeCert.bat” with “run as Administrator”. This will create a certificate file and register it as valid.
You must edit the values in bold & underlined with your own.
“1-MakeCert.bat”
@ECHO OFF
echo Remember to "Run as administrator".
pause
REM Path to the windows certification tools
cd "C:\Program Files (x86)\Windows Kits\10\bin\x86\"
makecert.exe "%~dp0MyCertificateFile.cer" -r -n "CN= CompanyName,L= City,S= Province,C= Country" -$ individual -sv "%~dp0MyPrivateKeyFile.pkv" -pe -sr "LocalMachine" -ss "TheRootOfTheCertificate" -a md5 -eku 1.3.6.1.5.5.7.3.3
cert2spc.exe "%~dp0MyCertificateFile.cer" "%~dp0MyCertificateFile.spc"
pvk2pfx.exe -pvk "%~dp0myPrivateKeyFile.pkv" -pi YourPassword -spc "%~dp0MyCertificateFile.spc" -pfx "%~dp0MyPFXFile.pfx" -f
pause
2 – Signing your binary
I also created a bat file to automate the process of signing your binary. All that is left to automatically sign your binary file, is to drop your binary on “2-SignBinary.bat”.
You must edit the values in bold & underlined with your own.
“2-SignBinary.bat”
@ECHO OFF
REM Path to the windows certification tools
cd "C:\Program Files (x86)\Windows Kits\10\bin\x86\"
signtool.exe sign /f "%~dp0MyPFXFile.pfx" /p YourPassword /v /t http://timestamp.verisign.com/scripts/timstamp.dll %1
pause
Tips
- Make sure to run “MakeCert.bat” with “run as Administrator”.
- Remember to re-sign your application each time you recompile it.
You can use the post-build event of Delphi to automate this process. If you use <= Delphi 7 there is this extension (free) or Eurekalog (150$) which allows you post-build events.
Thank you for reading. 🙂