Create 3 batch files for generating certificates.
If you want to know the details of each script, take a look at this great tutorial about makecert: http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/
In this tutorial the files will be stored under c:\temp\ssl.
File 1 - Certificate Authority
The batch file will create the root CA that can be used to sign other certificates, such as SSL certificates for servers and clients.
Paste the code below into notepad and save it as CARoot.cmd.
makecert.exe ^
-n "CN=CARoot" ^
-r ^
-pe ^
-a sha512 ^
-len 4096 ^
-cy authority ^
-sv CARoot.pvk ^
-sr LocalMachine ^
-ss Root ^
CARoot.cer
pvk2pfx.exe ^
-pvk CARoot.pvk ^
-spc CARoot.cer ^
-pfx CARoot.pfx ^
-po Test123
File 2 - Server Certificate
Normally you would use a domain name for CN, but since there might be times when you only have an IP address, I will show that in this sample. Below we use 192.168.1.7 (my local machine on my home network).
Do note that this batch file takes a parameter, which will be the name of the cert. Every '%1' will be replaced by the parameter you pass in.
Paste the code below into notepad and save it as CreateServerCert.cmd.
makecert.exe ^
-n "CN=192.168.1.7" ^
-iv CARoot.pvk ^
-ic CARoot.cer ^
-pe ^
-a sha512 ^
-len 4096 ^
-b 01/01/2014 ^
-e 01/01/2016 ^
-sky exchange ^
-eku 1.3.6.1.5.5.7.3.1 ^
-sv %1.pvk ^
%1.cer
pvk2pfx.exe ^
-pvk %1.pvk ^
-spc %1.cer ^
-pfx %1.pfx ^
-po Test123
File 3 - Client Certificate
Paste the code below into notepad and save it as CreateClientCert.cmd.
makecert.exe ^
-n "CN=ClientCert" ^
-iv CARoot.pvk ^
-ic CARoot.cer ^
-pe ^
-a sha512 ^
-len 4096 ^
-b 01/01/2014 ^
-e 01/01/2016 ^
-sky exchange ^
-eku 1.3.6.1.5.5.7.3.2 ^
-sv %1.pvk ^
%1.cer
pvk2pfx.exe ^
-pvk %1.pvk ^
-spc %1.cer ^
-pfx %1.pfx ^
-po Test123
Now that we have all scripts ready, we can start generating certificates.
First of all, open up the Developer Command Prompt for Visual Studio, then navigate to the folder where the files we just created are located. In my case c:\temp\ssl
Generate CARoot
Just call CARoot.cmd from the Developer Command Prompt.
Enter the password when prompted...
Generate Server Certificate
Call the CreateServerCert.cmd and append a parameter that will be the name of the cert.
For example: CreateServerCert.cmd MyServerCert
Once again you will be prompted for some passwords. For details about this, take a look at http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/
Generate Client Certificate
Call the CreateClientCert.cmd and append a parameter that will be the name of the cert.
For example: CreateClientCert.cmd MyClientCert
Once again you will be prompted for some passwords. For details about this, take a look at http://www.jayway.com/2014/09/03/creating-self-signed-certificates-with-makecert-exe-for-development/
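Check the generated certificates
As an added check that is not part of the original tutorial, the PowerShell below loads the generated .cer files and reports whether each one carries the expected -eku OID, the sha512 signature and 4096-bit key, a current validity window, and a chain that ends at CARoot.cer. It assumes the example names MyServerCert and MyClientCert used above and the c:\temp\ssl folder; the function name Test-DevCert is made up for this example.

```powershell
# Added example (not from the original tutorial): inspect the generated .cer files.
$Dir = 'c:\temp\ssl'                  # folder used in this tutorial

function Test-DevCert {               # hypothetical helper name
    param([string]$Path, [string]$ExpectedEku, [string]$RootPath)
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $cert = New-Object "$x509.X509Certificate2" $Path
    $root = New-Object "$x509.X509Certificate2" $RootPath

    # Collect the EKU OIDs that makecert wrote from the -eku switch.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain. CARoot.cmd installed the root into LocalMachine\Root;
    # adding it to ExtraStore also lets the chain resolve on another machine
    # (where it is then reported as an untrusted root).
    $chain = New-Object "$x509.X509Chain"
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # no CRL is published for this dev CA
    [void]$chain.ChainPolicy.ExtraStore.Add($root)
    $trusted = $chain.Build($cert)
    $last = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    $now = Get-Date
    [pscustomobject]@{
        Subject      = $cert.Subject
        HasEku       = $ekus -contains $ExpectedEku
        SigAlg       = $cert.SignatureAlgorithm.FriendlyName   # from -a sha512
        KeyBits      = $cert.PublicKey.Key.KeySize             # from -len 4096
        NotAfter     = $cert.NotAfter                          # from -e
        InValidity   = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        IssuedByRoot = $last.Thumbprint -eq $root.Thumbprint
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
    }
}

$rootCer = Join-Path $Dir 'CARoot.cer'
@(
    # 1.3.6.1.5.5.7.3.1 is the -eku in CreateServerCert.cmd, 1.3.6.1.5.5.7.3.2 in CreateClientCert.cmd
    Test-DevCert (Join-Path $Dir 'MyServerCert.cer') '1.3.6.1.5.5.7.3.1' $rootCer
    Test-DevCert (Join-Path $Dir 'MyClientCert.cer') '1.3.6.1.5.5.7.3.2' $rootCer
) | Format-List
```

With the -e 01/01/2016 end date from the batch files, InValidity is False and ChainStatus includes NotTimeValid on a current system clock, so adjust -b and -e before generating.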