|
||
MakeKeys
- Certification Generator syntax
The Certification Generator, MakeKeys.exe
, is a PC based
command line tool which creates a private/public key pair and issues
certificate requests. The resultant private key is used to digitally sign
installation files, enabling the install system to authenticate them. It
carries out the following tasks:
Create a private key and self signed certificate (i.e. a private/public key pair, where the public key is in the form of a self signed certificate)
Create a certificate request given a self-signed certificate
View certificate details (optional).
makekeys -cert [-v] [-expdays <cert-expiry-in-days>] [-password <password>] [-len <key-length>] -dname <distinguished-name-string> <private-key-file> <public-key-cert>
For example:
makekeys -cert -expdays 3650 -password yourpassword -len 2048 -dname "CN=Joe Bloggs OU=Development O=Symbian Software Ltd C=GB [email protected]" mykey.key mycert.cer
Arguments table below
If the private-key-file does not exist it will be created.
makekeys -req [-v] [-password <password>] -dname <distinguished-name-string> <private-key-file> <public-key-cert> <cert-request-file>
For example:
makekeys -req -password yourpassword -dname "CN=Joe Bloggs OU=Development O=Symbian Software Ltd C=GB [email protected]" mykey.key mycert.cer myreq.p10
It is then up to the developer to send the certificate request to be signed by a trusted third party, i.e. a Certificate Authority (CA). The CA uses various means to establish that the originator of the certificate request is who they claim to be. The developer's public key is signed by the CA, using the CA's private key, creating a certificate, which is then sent back to the applicant. The CA may return a single certificate, or a file containing a chain of certificates.
It is important that certificates returned by CAs are in the base64 encoded ASCII format. The Certification Generator generates base64 encoded certificate files and expects certificates that come back from a CA to be in the same format.
The CA may return a file containing a certificate chain. These are supported, and are needed if intermediate certificates are required between the CA's root certificate on the Symbian OS phone and the developer certificate.
Arguments table below
makekeys -view <public-key-cert>
Displays details of a certificate or certificate chain file. The
-view
command should be used with an existing certificate file
(which should be in base 64 encoded format).
For example:
makekeys -view mycert.cer
Arguments table below
|
Create the private key ( |
||||||||||||||||||||||||
|
Create a certificate request. |
||||||||||||||||||||||||
|
View certificate details. |
||||||||||||||||||||||||
|
Verbose mode - displays additional diagnostic information. |
||||||||||||||||||||||||
|
The certificate validity period in days, after which the certificate expires. If not specified, the default is 1 year. |
||||||||||||||||||||||||
|
The
A distinguished name string needs at least two attributes. |
||||||||||||||||||||||||
|
Password (optional). After creation, the |
||||||||||||||||||||||||
|
The |
||||||||||||||||||||||||
|
The file containing the private key. The private key should
kept secret by the developer, whereas the public key is usually made generally
available. Has a |
||||||||||||||||||||||||
|
A self-signed certificate containing the public key. Has a
|
||||||||||||||||||||||||
|
A self-contained file which is sent to the CA. The
Certification Generator will create this file given a private and public key.
It is then up to the developer to send the file to the CA and arrange for the
application for the certificate. Has a |