codingoutloud
10/24/2012 - 8:23 PM

Generate a self-signed certificate (*.cer) for use with the Windows Azure Service Management API. Optionally create Private Key (*.pvk) and Personal Information Exchange (*.pfx) files.

@echo off
rem - Generate a self-signed certificate (*.cer) for use with the Windows Azure Service Management API.
rem - Optionally create Private Key (*.pvk) and Personal Information Exchange (*.pfx) files.
rem - A more advanced version of https://gist.github.com/3767941
rem - Assumes the makecert.exe and pvk2pfx.exe are available in your path on Windows.
rem - SOURCE: https://gist.github.com/3948621

if .%1.==.. goto USAGE
if .%2.==.. goto USAGE
if "%3"=="-private" goto PRIVATE

makecert.exe -r -pe -n %1 -ss My -sky exchange -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 %2.cer
goto END

:PRIVATE

if .%4.==.. goto USAGE

rem TODO: The -l (link) option should be parameterized
rem This value shows up under SpcSpAgencyInfo property and also specifies the URL that the Issuer Statement 
rem button will take you to in the Certificate dialog box on Windows
set LINK=www.devpartners.com
set EXPIRATION=12/31/2050

makecert.exe -l %LINK% -e %EXPIRATION% -r -pe -n %1 -ss My -sky exchange -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 -sv %2.pvk %2.cer
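rem The -po (PFX password) option can be left off, but not -pi (PVK password).
rem Without -po, the .pfx gets the same password as the .pvk.
rem NOTE: %4 is passed on the command line, so it is visible in the process command line and any command history.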
pvk2pfx -pvk %2.pvk -pi %4 -spc %2.cer -pfx %2.pfx -f

goto END

:USAGE

echo.
echo USAGE: 
echo.
echo make-waz-management-cert COMMON-NAME-STRING FILESPEC-WITHOUT-EXTENSION [-private PASSWORD]
echo Use of the optional -private parameter will result in several prompts for a password (NOTE: USE THE 
echo SAME ONE EACH TIME including for the one passed in on command line) and will create the following:
echo    FILESPEC-WITHOUT-EXTENSION.cer
echo    FILESPEC-WITHOUT-EXTENSION.pvk 
echo    FILESPEC-WITHOUT-EXTENSION.pfx
echo.
echo EXAMPLE:
echo.
echo %0 "CN=WAZ Mgmt, O=DevPartners, OU=Bill Wilder, L=Boston, S=Massachusetts, C=US" billw-waz-mgmt
echo.
echo RESULTS IN:
echo.
echo makecert.exe -r -pe -n "CN=WAZ Mgmt, O=DevPartners, OU=Bill Wilder, L=Boston, S=Massachusetts, C=US" -ss My -sky exchange -sp "Microsoft Enhanced RSA and AES Cryptographic Provider" -sy 24 billw-waz-mgmt.cer
echo.
echo To include the local machine name as part of your certificate name, change the first parameter to something like:
echo    "CN=WAZ Mgmt, O=%%COMPUTERNAME%%"
echo Note that the local machine name is less useful when the full certificate (private key) is being shared across multiple
echo machines (so they can all publish with the same credentials) since the "local" machine name is no longer correct (or meaningful).
echo.

:END
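
The following PowerShell is an added example, not part of the original script: it inspects a generated .cer and reports its thumbprint, key size, expiry, and whether the file carries a private key, which a .cer meant for upload should not. The function name `Get-ManagementCertReport` and the sample certificate are hypothetical; the sample is built in memory, which assumes PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later.

```powershell
# Added example. Get-ManagementCertReport and the sample subject are hypothetical names.
function Get-ManagementCertReport {
    param([Parameter(Mandatory)][string]$CerPath)

    $path = (Resolve-Path -LiteralPath $CerPath).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

    # Self-signed: subject and issuer are the same encoded name.
    $subject = [Convert]::ToBase64String($cert.SubjectName.RawData)
    $issuer  = [Convert]::ToBase64String($cert.IssuerName.RawData)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint                      # SHA-1 over the DER-encoded certificate
        SelfSigned    = ($subject -ceq $issuer)
        Signature     = $cert.SignatureAlgorithm.FriendlyName
        KeyBits       = if ($rsa) { $rsa.KeySize } else { $null }
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey                   # expected False for a .cer
    }
}

# Constructed sample so the example runs without makecert: an in-memory
# self-signed certificate, exported as a DER .cer (public part only).
$key = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=Constructed Sample',
           $key, [System.Security.Cryptography.HashAlgorithmName]::SHA256,
           [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now = [DateTimeOffset]::UtcNow
$tmp = $req.CreateSelfSigned($now.AddDays(-1), $now.AddYears(2))
$cer = Join-Path ([IO.Path]::GetTempPath()) 'constructed-sample.cer'
$der = $tmp.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[IO.File]::WriteAllBytes($cer, $der)

$report = Get-ManagementCertReport -CerPath $cer
$report | Format-List
if ($report.HasPrivateKey) { Write-Warning 'File carries a private key; share only the public .cer.' }
if ($report.KeyBits -and $report.KeyBits -lt 2048) { Write-Warning 'RSA key is shorter than 2048 bits.' }
Remove-Item -LiteralPath $cer
```

To check a real output of the batch file, pass its path instead of the constructed sample, for example `Get-ManagementCertReport -CerPath .\billw-waz-mgmt.cer`.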