Introduction: Certman is a utility, bundled with several AccessData products, that can be used to generate self-signed certificates.  These certificates can be used with the Enterprise Agent and other AccessData products.  The steps below will demonstrate how to use Certman.


Updates:

  • Certman3 uses SHA256 and 2048-bit length keys by default.

 

Prerequisites:

  • Download and unzip certman.zip. The unzipped folder is your working directory and contains certman.exe.

Procedure:

  1. Open a Command Prompt (as Administrator)
  2. Navigate to the folder containing certman.exe
  3. Run the following command to generate a self-signed public/private key pair:
    certman.exe -n <ComputerName> <CertName>
    Where <ComputerName> is the name of the local PC where Certman is being run (including domain, if applicable), and <CertName> is what you'd like to name the certificate.
  4. Certman will generate a P12 private key package, a KEY file, and a CRT public certificate in the same folder as certman.exe

Example:

If my PC were named "ADPC", on the "adlocal.com" domain, and I wanted my certificates to be named "MyCert", I'd run the following command:

certman.exe -n ADPC.adlocal.com MyCert

This would produce a private key package named MyCert.p12, MyCert.key, and a public certificate named MyCert.crt.


To specify the key length, use the -k switch:

certman.exe -k 4096 -n ADPC.adlocal.com MyCert

This would produce a private key package named MyCert.p12, MyCert.key, and a public certificate named MyCert.crt, with a key length of 4096 bits.

Notes:

  • Certificates generated by Certman are valid for 10 years
  • The resulting P12 is encrypted for use only with AccessData products
  • The resulting P12 and CRT can be used directly in AD Enterprise, AD Lab, FTK, Site Server, and FTK Central, without the need for conversion to ADP12
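
Verifying the output: the PowerShell script below is an added example, not part of Certman or AccessData documentation. It checks a generated CRT against the properties stated above (self-signed, SHA256, 2048-bit default key, 10-year validity). It assumes the CRT is a standard X.509 certificate with an RSA key; the script name, parameters, and the MyCert.crt path are illustrative.

```powershell
# Check-CertmanCert.ps1 (hypothetical name): inspect a Certman-generated CRT.
# Assumes a standard X.509 certificate (PEM or DER) with an RSA public key.
param(
    [string]$Path = '.\MyCert.crt',
    [int]$ExpectedBits = 2048,    # use 4096 if the certificate was created with -k 4096
    [int]$ExpectedYears = 10
)

$x509Ns = 'System.Security.Cryptography.X509Certificates'
$cert   = New-Object "$x509Ns.X509Certificate2" -ArgumentList (Resolve-Path $Path).Path
# GetRSAPublicKey returns $null when the public key is not RSA
$rsa    = ([type]"$x509Ns.RSACertificateExtensions")::GetRSAPublicKey($cert)
$years  = [math]::Round(($cert.NotAfter - $cert.NotBefore).TotalDays / 365.25, 1)
$now    = Get-Date

$checks = [ordered]@{
    'Self-signed (subject equals issuer)'   = ($cert.Subject -eq $cert.Issuer)
    # 1.2.840.113549.1.1.11 is the OID for sha256WithRSAEncryption
    'Signature algorithm is SHA256 with RSA' = ($cert.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.11')
    "Key length is $ExpectedBits bits"       = ($null -ne $rsa -and $rsa.KeySize -eq $ExpectedBits)
    "Lifetime is about $ExpectedYears years" = ([math]::Abs($years - $ExpectedYears) -le 0.1)
    'Currently within validity period'       = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
}

# Details worth recording alongside the deployment (thumbprint identifies this exact cert)
'Subject    : {0}' -f $cert.Subject
'Thumbprint : {0}' -f $cert.Thumbprint
'Valid      : {0:yyyy-MM-dd} to {1:yyyy-MM-dd} ({2} years)' -f $cert.NotBefore, $cert.NotAfter, $years

$failed = 0
foreach ($c in $checks.GetEnumerator()) {
    if ($c.Value) { $status = 'PASS' } else { $status = 'FAIL'; $failed++ }
    '{0}  {1}' -f $status, $c.Key
}

# Non-zero exit code lets a deployment script stop on an unexpected certificate
if ($failed -gt 0) { exit 1 }
```

Run it from the Certman working directory, for example: powershell -File .\Check-CertmanCert.ps1 -Path .\MyCert.crt -ExpectedBits 4096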