Friday, November 9, 2012

Create self-signed certificate

Visual Studio comes with an exquisite tool, makecert, to create a self-signed certificate which you can use for Exchange/IIS/ADFS/whatever you like.
makecert -r -pe -n "CN=name.domain.com" -e 01/01/2020 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
Note that this stores the certificate in your local machine certificate store, but it is marked as “private key exportable” (-pe), so you can export it from there.

I have also created a .bat file to automate the localhost certificate generation. Don't forget to export the ca.localhost certificate and add it as a trusted root certificate authority.
 
@ECHO OFF
@rem Check for visual studio tools if not already loaded
if defined VCINSTALLDIR goto GenerateCerts
@rem Ensure that visual studio is available
if not defined VS120COMNTOOLS goto msbuild-not-found
if not exist "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat" goto msbuild-not-found
call "%VS120COMNTOOLS%..\..\vc\vcvarsall.bat"
@rem Check that vs is properly loaded
if not defined VCINSTALLDIR goto msbuild-not-found
:GenerateCerts
@REM Generate a CA
makecert -r -pe -n "CN=ca.localhost" -e 10/25/2985 -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
@REM Generate sts signing certificate
makecert -pe -n "CN=localhost" -e 01/01/2982 -is my -ir CurrentUser -in "ca.localhost" -ss my -sr CurrentUser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
@REM In order to export the newly created certificates
@REM Run mmc.exe
@REM File-> Add or Remove Snap-ins
@REM Select Certificates from the left and then My User account (if above is CurrentUser)
@REM They should be in the Personal->Certificates folder.
pause
exit /B 0
:msbuild-not-found
echo Visual Studio tools were not found! Please check the VS120COMNTOOLS path variable
exit /B 1
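
The export-and-trust step can also be scripted instead of clicking through mmc.exe. The PowerShell below is an added example, not part of the original .bat file; it assumes both certificates are in the CurrentUser\My store as created above, and the output path in %TEMP% is a hypothetical choice.

```powershell
# Added example: trust the ca.localhost certificate created by the .bat file.
# Assumes both certificates are in Cert:\CurrentUser\My, as in the script above.
$ErrorActionPreference = 'Stop'

$caSubject   = 'CN=ca.localhost'
$leafSubject = 'CN=localhost'
$cerPath     = Join-Path $env:TEMP 'ca.localhost.cer'   # hypothetical output path

# Find the CA certificate; refuse to guess if repeated runs left duplicates.
$ca = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Subject -eq $caSubject })
if ($ca.Count -ne 1) {
    throw "Expected exactly one '$caSubject' in CurrentUser\My, found $($ca.Count)."
}
$ca = $ca[0]

# Export the public certificate only (DER .cer). The private key stays in the store.
Export-Certificate -Cert $ca -FilePath $cerPath -Type CERT | Out-Null

# Add it to the current user's Trusted Root store (Windows may ask for confirmation).
Import-Certificate -FilePath $cerPath -CertStoreLocation Cert:\CurrentUser\Root | Out-Null

# Verify that each CN=localhost certificate now chains to the trusted CA.
$leaves = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Subject -eq $leafSubject }
foreach ($leaf in $leaves) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # No revocation infrastructure exists for this local CA, so skip revocation checks.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $ok   = $chain.Build($leaf)
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Thumbprint = $leaf.Thumbprint
        ChainValid = $ok
        RootIsOurs = ($root.Thumbprint -eq $ca.Thumbprint)
        Status     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
}
```

Only the public .cer is exported here; because the CA was created with -pe and is now a trust anchor for this user, its private key should stay on the development machine.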
