Creating certificates for Cardspace (Inforcard) and SSL
This post will guide you in the job of creating and installing a X.509 Certificate for working with CardSpace over https (SSL).
The main reason you would need to create a self issued certificate is to test your application. Earlier versions of Cardspace required a valid certificate to connect over https (using a SSL – Secure Socket Layer). Although CardSpace now supports http communications, it is a good idea to make a full functional test using https. The production server will need to use https for security reasons.
The Certificates generated by these commands have been used with IIS 7.0.
Before running these commands, change the value of -n “CN=your.domain.com” in the signed certificate to match your own.
To run the commands open a “Visual Studio Command Prompt” (“Start” à “Programs” à “Microsoft Visual Studio” à “Visual Studio Tools” à “Visual Studio Command Prompt”)
[If your OS is Windows Vista and UAC is activated, you will need to open the “Visual Studio Command Prompt” as “Administrator”]
For the root certificate:
makecert -pe -n “CN=Sample Root Authority” -ss root -sr LocalMachine -a sha1 -sky signature -r “SampleRootAuthority.cer”
For the signed certificate:
makecert -pe -n “CN=your.domain.com” -ss my -sr LocalMachine -a sha1 -sky exchange -eku 1.3.6.1.5.5.7.3.1 -in “Sample Root Authority” -is root -ir LocalMachine -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 “SampleSSLCert.cer”
To verify that the certificates have been installed correctly, (open the certificate store) and look for the certificates:
“Local Computer” à “Trusted Root Certification Authority” à “Sample Root Authority”
“Local Computer” à “Personal” à “your.domain. com”
Finally, try browsing a page on your site using https. If you get “File Access Permission Error”, check the File Permission Error after creating the self issued certificate post.