Jump to content

makecert -n option syntax to produce X.509 DNs with special characters (comma)

olspookishmagus

By olspookishmagus
in Software Hangout

 Share

Recommended Posts

olspookishmagus

olspookishmagus

Posted
Posted

Hello.

I've been trying to utilise makecert to create a self-signed cert but I can't get find the required makecert syntax for its -n option to create DNs containing commas.

An example that would fail is: 

makecert.exe -r -pe -n "CN=Litware,OU=Docs\,Adatum,DC=Fabrikam,DC=COM" -a md5 -sky signature -cy authority -sv Litware_Root_CA.pvk -len 512 -m 13 -ss Root -sr localMachine -eku 1.3.6.1.5.5.7.3.3 -sp "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" -sy 24 Litware_Root_CA.cer

And it would fail as such: 

Error: CryptCertStrToNameW failed => 0x80092023 (-2146885597)

If you remove the removed the escaped comma character from the OU DN everything would proceed Ok.

What I have already tried: 

-n quoted with  DNs quoted          DNs seperator   special chars   error
--------------- -----------         --------------  --------------  ------
double quotes   no                  comma           unescaped       E1
double quotes   no                  comma           escaped         E1
double quotes   no                  semicolon       unescaped       E1
double quotes   no                  semicolon       escaped         E1
double quotes   yes, double quotes  comma           unescaped       E2
double quotes   yes, double quotes  comma           escaped         E2
double quotes   yes, double quotes  semicolon       unescaped       E2
double quotes   yes, double quotes  semicolon       escaped         E2
single quotes   no                  comma           unescaped       E1
single quotes   no                  comma           escaped         E1
single quotes   no                  semicolon       unescaped       E1
single quotes   no                  semicolon       escaped         E1
single quotes   yes, double quotes  comma           unescaped       E1
single quotes   yes, double quotes  comma           escaped         E1
single quotes   yes, double quotes  semicolon       unescaped       E1
single quotes   yes, double quotes  semicolon       escaped         E1

E1: Error: CryptCertStrToNameW failed => 0x80092023 (-2146885597)
E2: Error: Too many Parameters

Just to clarify, I'm running makecert version 6.1.7600.16385 from within PowerShell version 2.0.

So I would appreciate any help on how to overcome this.

 


mixit

mixit

Posted
Posted (edited)

You need to quote the attribute content and escape the quotes to get them passed to the command, no need to escape the comma itself. And you don't even need to quote for the shell when there are no spaces or special characters. All of these work for me: 

-n "CN=Litware,OU=\"Docs,Adatum\",DC=Fabrikam,DC=COM"
-n CN=Litware,"OU=\"Docs,Adatum\"",DC=Fabrikam,DC=COM
-n CN=Litware,OU=\"Docs,Adatum\",DC=Fabrikam,DC=COM

(I actually didn't know about the comma thing, but fortunately this was the top result for googling "makecert comma". :))

Edited by mixit
olspookishmagus

olspookishmagus

Posted
  • Author
Posted
21 minutes ago, mixit said:

You need to quote the attribute content and escape the quotes to get them passed to the command, no need to escape the comma itself.
...

Not working for me.

Before I post my full command, would you mind letting me know whether your run this from PowerShell or from Command Prompt (cmd)?

Thanks once more.

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...