dotnet web services enhancements: Where does ROOT AGENCY come from? -- dotnet web services enhancements

Where does ROOT AGENCY come from?

dustinbreese
8/30/2006 12:00:11 PM

dotnet web services enhancements:

The makecert.exe tool signs certificates with the ROOT AGENCY.

Couple of questions --

1. Who created this ROOT AGENCY "CA"? Microsoft, I presume?

2. Does the ROOT AGENCY cert contain the same serial #/thumbprints
across all versions of Windows? (XP and 2003 appears to be the same)

3. If it is signing things, where is the private key located?

Thanks,
Dustin

Re: Where does ROOT AGENCY come from?

Pablo Cibraro [MVP]
9/5/2006 11:07:37 AM

Hi Dustin,

I think it is hardcoded CA, but I am not sure at all. You can also create
self-signed certificates with that tool (Or use a valid CA certificate to
sign them).

For example,

makecert -pe -n CN=MyCARoot -ss Root -sr LocalMachine -a sha1 -sky
signature -r "Authority.cer" (It creates a self-signed certificate for the
CA)

makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=MyCert -sky
exchange -pe -is Root -ir LocalMachine -in MyCARoot (It signs the
certificate with the CA certificate).

Regards,
Pablo Cibraro.
http://weblogs.asp.net/cibrax

[quoted text, click to view]