Error when creating a certificate using Windows SDK 7.1 Command Prompt

1

I am a new administrator with very little experience, trying to configure my ADFS to cooperate with a single sign-on solution to cloud-based help desk software to be used internally in my organization. I have installed the Windows 7.1 SDK package on Server 2012, and am now in the process of attempting to make a certificate. The PDF guide is now instructing me to type the following commands into Windows SDK 7.1 command prompt:

makecert -r -pe -n "CN=adfs.yourdomain.com" -b 01/01/2013 -e 01/01/2014 -sky exchange Server.cer -sv Server.pvk

(Instead of “adfs.yourdomain.com” give the fully qualified name of the AD FS system in the above command)

pvk2pfx.exe -pvk Server.pvk -spc Server.cer -pfx Server.pfx

After entering command 1.), I enter a password upon being prompted to do so. Next, I enter 2.), at which time it gives me an error message as follows:

ERROR: File not found
Error Code = 0x80070002

My question is two-fold: firstly and most straight-forwardly, what is happening here and how do I resolve this issue? Secondly, and more generally, what resources are available to me to familiarize myself with these presently obscure commands? I mean, I don't even know what I'm typing...

windows
windows-server-2012
windows-command-prompt
adfs
sdk
asked on Server Fault Nov 11, 2015 by Joe A • edited Nov 11, 2015 by Jakuje

2 Answers

1

Have a look at How to: Create Your Own Test Certificate.

The article explains what all the parameters mean.

e.g. cn is the subject name of your certificate, b is valid from, e is valid to etc.

Or refer to the full MSDN documentation - Makecert.exe (Certificate Creation Tool).

Essentially, you are creating a certificate and then transforming this into a pfx file (which is a type of certificate file that also contains the private key).

If you are using IIS for ADFS (i.e. not 2012 R2), then you can do this with IIS - How to Create a Self Signed Certificate in IIS 7

answered on Server Fault Nov 12, 2015 by nzpcmad

1

Thanks to nzpcmad, who provided me with a resource for understanding how the command prompt works, I was able to provide a solution to my issue that I hope others can use in the future:

The command prompt requires that all the executable files involved in the commands be in the directory that the command prompt is set to. (You can see the directory that the command prompt is set to by simply looking at the text prior to the '>' character.) Therefore, in this particular situation, it requires makecert.exe and pvk2pfx.exe to be in the same directory folder, which they are not by default in Windows SDK 7.1 command prompt -- they are in the Bin folder within the default command prompt.

I created a folder in C:/ called 'MakeCert'. I then found the two executable programs needed to run their respective commands -- i.e., makecert.exe to run the command 'makecert', and pvk2pfx.exe to run the command 'pvk2pfx' -- in the file path "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin". Next, I placed these two executable files in the folder "C:/MakeCert" that I created. Finally, I used the command prompt command "cd C:/MakeCert" -- which translates to change directory (cd) to the folder C:/MakeCert.

This changed the directory from the default path "C:\Program Files\Microsoft SDKs\Windows\v7.1", and provided a directory with both of my required .exe files as well as a place to house my created certificate files. There is no longer a "File Not Found" Error.

answered on Server Fault Nov 12, 2015 by Joe A • edited Nov 12, 2015 by Joe A
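
The two-step flow described in the answers, as an added PowerShell example that is not part of the original posts: it runs the guide's two commands by their full path in the SDK Bin folder and checks that each input and output file exists, so a "File not found" (0x80070002, the HRESULT form of ERROR_FILE_NOT_FOUND) can be traced to a specific file. The paths, file names and tool arguments are the ones quoted on this page; the helper name Assert-FileExists is hypothetical.

```powershell
# Added example (not from the original posts).
$SdkBin  = 'C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin'  # Bin path quoted in the answer
$WorkDir = 'C:\MakeCert'                                        # working folder from the answer
$Subject = 'CN=adfs.yourdomain.com'                             # replace with the AD FS FQDN

# Hypothetical helper: stop with a message naming the missing file and its role.
function Assert-FileExists {
    param([string]$Path, [string]$Role)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Missing $Role, expected at $Path"
    }
}

# Resolve both tools by full path instead of relying on the current directory.
$makecert = Join-Path $SdkBin 'makecert.exe'
$pvk2pfx  = Join-Path $SdkBin 'pvk2pfx.exe'
Assert-FileExists $makecert 'tool'
Assert-FileExists $pvk2pfx  'tool'

# Output files are written to (and later read from) the working folder.
if (-not (Test-Path -LiteralPath $WorkDir)) {
    New-Item -ItemType Directory -Path $WorkDir | Out-Null
}
Set-Location -LiteralPath $WorkDir

# Step 1: self-signed certificate (Server.cer) and private key file (Server.pvk).
# Arguments are in the same order as the command quoted in the question.
& $makecert -r -pe -n $Subject -b '01/01/2013' -e '01/01/2014' -sky exchange Server.cer -sv Server.pvk
if ($LASTEXITCODE -ne 0) { throw "makecert failed with exit code $LASTEXITCODE" }
Assert-FileExists (Join-Path $WorkDir 'Server.pvk') 'private key file from step 1'
Assert-FileExists (Join-Path $WorkDir 'Server.cer') 'certificate file from step 1'

# Step 2: bundle certificate and private key into Server.pfx.
& $pvk2pfx -pvk Server.pvk -spc Server.cer -pfx Server.pfx
if ($LASTEXITCODE -ne 0) { throw "pvk2pfx failed with exit code $LASTEXITCODE" }
Assert-FileExists (Join-Path $WorkDir 'Server.pfx') 'PFX output from step 2'

# Server.pvk and Server.pfx contain the private key; list what was written
# so the files can be moved or access-restricted afterwards.
Get-ChildItem -LiteralPath $WorkDir -Filter 'Server.*' |
    Select-Object Name, Length, LastWriteTime
```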

User contributions licensed under CC BY-SA 3.0